PT-2026-36537 · Unknown · Libmodsecurity3
Esadcetiner · Published 2026-05-01 · Updated 2026-05-08 · CVE-2026-30923
CVSS v4.0: 8.2 High
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
libModSecurity3 versions prior to 3.0.15
Description
A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processes, resulting in a denial of service. Service resumes automatically as worker processes recover from the segmentation fault once the attack ceases.
Recommendations
Update to version 3.0.15.
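An added example, not part of the advisory or of the libModSecurity project's code: a Python exposure check that compares an installed version against 3.0.15 and lists the rule directives that apply t:hexDecode, merging backslash-continued lines and skipping commented-out rules. The function names, sample rules and rule ids are constructed for illustration.

```python
import re

FIXED = (3, 0, 15)  # first fixed libModSecurity3 release, per the advisory
DIRECTIVES = ("secrule", "secaction", "secdefaultaction")
HEXDECODE = re.compile(r"\bt:\s*hexDecode\b", re.IGNORECASE)  # conservative: any case
RULE_ID = re.compile(r"\bid:\s*'?(\d+)")

def is_affected(version: str) -> bool:
    """True if a libModSecurity3 (3.x) version string is older than 3.0.15."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    nums += [0] * (3 - len(nums))
    return tuple(nums) < FIXED

def logical_lines(text: str):
    """Yield (first_line_number, line) with backslash continuations merged."""
    buf, start = "", None
    for n, line in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        line = line.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def rules_using_hexdecode(text: str):
    """Return [(line_number, rule_id_or_None)] for directives applying t:hexDecode."""
    hits = []
    for line_no, line in logical_lines(text):
        body = line.strip()
        if body.lower().startswith(DIRECTIVES) and HEXDECODE.search(body):
            m = RULE_ID.search(body)
            hits.append((line_no, m.group(1) if m else None))
    return hits

# Constructed sample rules (not from a real rule set).
SAMPLE_RULES = r'''
SecRule ARGS "@rx ^[0-9a-f]+$" \
    "id:100001,phase:2,deny,\
    t:none,t:hexDecode"
SecRule REQUEST_URI "@contains /admin" "id:100002,phase:1,pass,t:lowercase"
# SecRule ARGS "@rx x" "id:100003,phase:2,pass,t:hexDecode"
'''

if __name__ == "__main__":
    print(is_affected("3.0.14"), rules_using_hexdecode(SAMPLE_RULES))
```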
Exploit
Fix
DoS
Out of bounds Read
Affected Products
Libmodsecurity3