PT-2026-36538 · Unknown · Modsecurity

Fumfel · Published 2026-05-01 · Updated 2026-05-14 · CVE-2026-42268

CVSS v4.0: 8.2 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ModSecurity versions 3.0.0 through 3.0.14

Description

An unhandled exception (std::out_of_range) occurs in libmodsecurity3 due to an unsigned integer underflow. The issue is triggered when an administrator uses any of the following rules: @verifySSN, @verifyCPF, or @verifySVNR.

Recommendations

Update to version 3.0.15. As a temporary workaround, avoid using the rules @verifySSN, @verifyCPF, and @verifySVNR until the update is applied.
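
To apply the workaround, first locate the rules that use the three operators. The scanner below is an added example, not part of this advisory or of the ModSecurity project; the function names and sample rules are constructed, and operator names are matched case-insensitively as a conservative assumption.

```python
import re

# Operators named in this advisory, stored lowercase for case-insensitive comparison.
AFFECTED = {"verifyssn", "verifycpf", "verifysvnr"}

# SecRule VARIABLES "OPERATOR ..." "ACTIONS": capture the operator name in the second argument.
RULE_RE = re.compile(
    r"""^\s*SecRule\s+(?:"[^"]*"|'[^']*'|\S+)\s+["']?\s*!?@(\w+)""",
    re.IGNORECASE,
)

def logical_lines(text):
    """Yield (first_line_number, joined_text), folding backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        line = raw.strip()
        cont = line.endswith("\\")
        buf.append(line[:-1].rstrip() if cont else line)
        if not cont:
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # file ended in the middle of a continued directive
        yield start, " ".join(buf)

def find_affected_rules(text):
    """Return [(line_number, operator, rule_text)] for rules using an affected operator."""
    hits = []
    for no, line in logical_lines(text):
        if line.startswith("#"):  # commented-out rules are not loaded
            continue
        m = RULE_RE.match(line)
        if m and m.group(1).lower() in AFFECTED:
            hits.append((no, "@" + m.group(1), line))
    return hits

# Constructed sample configuration (not taken from any real deployment).
SAMPLE = r'''
# SecRule ARGS "@verifySSN \d{3}-?\d{2}-?\d{4}" "id:1,deny"
SecRule ARGS "@verifySSN \d{3}-?\d{2}-?\d{4}" \
    "id:1001,phase:2,deny,status:403"
SecRule REQUEST_BODY "!@verifyCPF \d{11}" "id:1002,phase:2,pass,log"
SecRule ARGS "@rx verifySVNR" "id:1003,phase:2,pass"
secrule RESPONSE_BODY '@VerifySVNR \d{10}' "id:1004,phase:4,log"
'''

if __name__ == "__main__":
    for no, op, rule in find_affected_rules(SAMPLE):
        print(f"line {no}: {op}: {rule}")
```

Run `find_affected_rules` over every rule file the engine includes; each reported line number is the first line of the directive, so multi-line rules can be disabled as a whole.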

Exploit

Fix

Integer Underflow

Weakness Enumeration

Related Identifiers

BIT-MODSECURITY-2026-42268
BIT-MODSECURITY2-2026-42268
CVE-2026-42268
OPENSUSE-SU-2026:10732-1

Affected Products

Modsecurity