PT-2026-38566 · Unknown · Reverseproxy

Neild

·

Published

2026-05-07

·

Updated

2026-05-20

·

CVE-2026-39825

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions ReverseProxy (affected versions not specified)
Description ReverseProxy can forward queries containing parameters that are not visible to Rewrite functions. When utilizing a Rewrite function or a Director function that parses query parameters, ReverseProxy sanitizes the forwarded request by removing parameters not parsed by url.ParseQuery. However, it fails to account for the total query parameter limit defined by GODEBUG=urlmaxqueryparams=N. This allows a request to forward a parameter, such as hidden=y, while keeping it hidden from the proxy's Rewrite function by exceeding the parameter limit with other entries.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BIT-GOLANG-2026-39825
CLEANSTART-2026-AN32474
CLEANSTART-2026-AP95632
CLEANSTART-2026-AQ65185
CLEANSTART-2026-AY89602
CLEANSTART-2026-BD19566
CLEANSTART-2026-BG69533
CLEANSTART-2026-BN09969
CLEANSTART-2026-BR79647
CLEANSTART-2026-BS27946
CLEANSTART-2026-CD71342
CLEANSTART-2026-CD91667
CLEANSTART-2026-CF88804
CLEANSTART-2026-CK61704
CLEANSTART-2026-CR00119
CLEANSTART-2026-DH72490
CLEANSTART-2026-DM19620
CLEANSTART-2026-EI06494
CLEANSTART-2026-FC24138
CLEANSTART-2026-GB02436
CLEANSTART-2026-GB36430
CLEANSTART-2026-GB83728
CLEANSTART-2026-GE45898
CLEANSTART-2026-GJ69402
CLEANSTART-2026-GQ00159
CLEANSTART-2026-GR41888
CLEANSTART-2026-GU95761
CLEANSTART-2026-GY76045
CLEANSTART-2026-HJ72983
CLEANSTART-2026-HM31566
CLEANSTART-2026-IP78312
CLEANSTART-2026-JO51351
CLEANSTART-2026-JQ70227
CLEANSTART-2026-KA21986
CLEANSTART-2026-KO66630
CLEANSTART-2026-LA67881
CLEANSTART-2026-LI56163
CLEANSTART-2026-LN66182
CLEANSTART-2026-MI82983
CLEANSTART-2026-MJ60235
CLEANSTART-2026-MK07381
CLEANSTART-2026-ML42911
CLEANSTART-2026-MR50866
CLEANSTART-2026-MX56097
CLEANSTART-2026-NT10973
CLEANSTART-2026-OB67529
CLEANSTART-2026-OF37807
CLEANSTART-2026-OH43332
CLEANSTART-2026-OX06093
CLEANSTART-2026-OX51942
CLEANSTART-2026-PB32291
CLEANSTART-2026-PK19530
CLEANSTART-2026-PV53006
CLEANSTART-2026-QO29688
CLEANSTART-2026-QO30809
CLEANSTART-2026-QP84300
CLEANSTART-2026-QR52625
CLEANSTART-2026-QS87161
CLEANSTART-2026-QU88766
CLEANSTART-2026-RD75979
CLEANSTART-2026-RX06063
CLEANSTART-2026-RZ44006
CLEANSTART-2026-RZ88142
CLEANSTART-2026-SE34232
CLEANSTART-2026-TD06078
CLEANSTART-2026-TD94714
CLEANSTART-2026-TH33219
CLEANSTART-2026-TK06108
CLEANSTART-2026-UF28691
CLEANSTART-2026-VU08393
CVE-2026-39825
GO-2026-4976
OPENSUSE-SU-2026:10723-1
OPENSUSE-SU-2026:10741-1

Affected Products

Reverseproxy