PT-2026-7814 · Jung · Jung Smart Visu Server
Gjoko Krstic · Published 2026-02-12 · Updated 2026-02-20 · CVE-2026-26234
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JUNG Smart Visu Server version 1.1.1050
Description
JUNG Smart Visu Server version 1.1.1050 contains a request header manipulation issue that allows unauthenticated attackers to override request URLs by injecting arbitrary values into the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, potentially leading to cache poisoning, phishing, and redirection of users to malicious domains. The vulnerability involves improper neutralization of HTTP headers for scripting syntax.
Recommendations
Restrict access to the X-Forwarded-Host header to prevent manipulation.
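One way to apply this recommendation in application code, as an added example that is not JUNG's code or part of the original advisory: the unchecked pattern the description outlines, next to a version that honours X-Forwarded-Host only from a trusted proxy and only for allowlisted hosts. The host names, proxy address and function names are assumptions chosen for illustration.

```python
# Added illustration; not JUNG Smart Visu Server code.
from urllib.parse import urlsplit

# Assumptions (constructed values): hosts this deployment serves, and the
# reverse proxies that are allowed to set X-Forwarded-Host.
ALLOWED_HOSTS = {"visu.example.internal", "192.0.2.10"}
TRUSTED_PROXIES = {"192.0.2.1"}
CANONICAL_HOST = "visu.example.internal"


def _lower_keys(headers):
    """HTTP header names are case-insensitive; normalise them once."""
    return {k.lower(): v for k, v in headers.items()}


def naive_base_url(headers):
    """Unchecked pattern: any client can steer generated URLs."""
    h = _lower_keys(headers)
    return "https://" + (h.get("x-forwarded-host") or h.get("host", ""))


def _hostname(value):
    """Return the lowercase hostname without port, or None if malformed."""
    if not value or any(c in value for c in " \t\r\n/\\@,"):
        return None
    try:
        parts = urlsplit("//" + value)
        _ = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    return parts.hostname


def safe_base_url(headers, peer_ip):
    """Honour X-Forwarded-Host only from trusted proxies and allowed hosts."""
    h = _lower_keys(headers)
    candidates = [h.get("host")]
    if peer_ip in TRUSTED_PROXIES:
        candidates.insert(0, h.get("x-forwarded-host"))
    for raw in candidates:
        host = _hostname(raw)
        if host in ALLOWED_HOSTS:
            return "https://" + host
    # Nothing acceptable was supplied: fall back to the configured host.
    return "https://" + CANONICAL_HOST
```

Where a cache or reverse proxy sits in front of the server, the same rule belongs there too: the client-supplied header is dropped or overwritten before the request is forwarded.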
Affected Products
Jung Smart Visu Server