PT-2026-28376 · Apache · Apache Traffic Server

Published: 2026-03-27 · Updated: 2026-04-06 · CVE-2026-28367

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified)
Description: A flaw in Undertow allows a remote attacker to send "rrr" as a header block terminator. When Undertow is deployed behind certain proxy servers, such as older versions of Apache Traffic Server and the Google Cloud Classic Application Load Balancer, this can be used for request smuggling, potentially leading to unauthorized access to, or manipulation of, web requests.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

CVE-2026-28367
GHSA-3GV6-G396-9V4R

Affected Products

Apache Traffic Server
Google Cloud Classic Application Load Balancer
Undertow