CVE-2026-28368 · CRITICAL 8.7 · EPSS p48.4%

CVE-2026-28368

redhat / build_of_apache_camel_-_hawtio

Description

A flaw was found in Undertow. A remote attacker can construct specially crafted requests whose header names Undertow parses differently from the upstream proxy in front of it. Because the proxy and Undertow then disagree on where one request ends and the next begins, the discrepancy can be exploited for HTTP request smuggling (CWE-444), potentially bypassing security controls enforced at the proxy and reaching resources the proxy would otherwise deny.
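The page does not say which header-name construction Undertow accepts; the example below is an added illustration of the CWE-444 class, not Undertow's or any real proxy's code. It models a front-end that matches header names exactly as sent against a hypothetical back-end that trims whitespace from names first, shows how the two then pick different body framing for one constructed request (a CL.TE desync), and ends with the check a proxy or server should apply to refuse such requests outright. The header name with a trailing space, both parser models and the sample requests are all constructed.

```python
"""CWE-444 illustration: two parsers disagree on a header name, so they
disagree on body framing. Constructed example; not Undertow's behaviour."""
import re
from typing import Callable, List, Optional, Tuple

# RFC 9110 section 5.6.2: a field name is a token made only of these characters.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

Header = Tuple[str, str]


def split_head(raw: bytes) -> Tuple[str, List[Header]]:
    """Split a request head into (request line, raw (name, value) pairs).

    Names are returned exactly as sent so each parser model below can apply
    its own normalisation; values only lose the optional whitespace RFC 9112
    allows around them.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    pairs: List[Header] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        pairs.append((name, value.strip(" \t")))
    return lines[0], pairs


def proxy_name(name: str) -> str:
    """Model A (front-end proxy): case-fold only, compare the name as sent."""
    return name.lower()


def lenient_name(name: str) -> str:
    """Model B (hypothetical lenient back-end): trim whitespace, then case-fold."""
    return name.strip(" \t").lower()


def framing(headers: List[Header], normalise: Callable[[str], str]) -> str:
    """How a parser using `normalise` for name matching decides the body length."""
    te = [v for n, v in headers if normalise(n) == "transfer-encoding"]
    cl = [v for n, v in headers if normalise(n) == "content-length"]
    if te and te[-1].lower().endswith("chunked"):
        return "chunked"
    if cl:
        return f"content-length:{cl[0]}"
    return "no-body"


def desync(raw: bytes) -> Optional[Tuple[str, str]]:
    """Return (proxy framing, back-end framing) when the models disagree, else None."""
    _, headers = split_head(raw)
    a, b = framing(headers, proxy_name), framing(headers, lenient_name)
    return (a, b) if a != b else None


def reject_ambiguous(raw: bytes) -> Optional[str]:
    """Hardened front door: refuse any request that could be framed two ways.

    Returns a rejection reason, or None when the request is safe to forward.
    """
    _, headers = split_head(raw)
    names = [n for n, _ in headers]
    if any(not TOKEN.match(n) for n in names):
        return "header name is not an RFC 9110 token"
    folded = [n.lower() for n in names]
    if "transfer-encoding" in folded and "content-length" in folded:
        return "both Transfer-Encoding and Content-Length present (RFC 9112 6.1)"
    return None


# Constructed request: a trailing space inside the Transfer-Encoding field name.
# Content-Length (13) covers "0\r\n\r\n" plus "SMUGGLED", so a CL-framed proxy
# forwards all of it, while a TE-framed back-end stops at the 0 chunk and
# reads "SMUGGLED" as the start of the next request on the connection.
SMUGGLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding : chunked\r\n"
    b"\r\n"
    b"0\r\n\r\nSMUGGLED"
)

# Constructed benign request for comparison.
CLEAN = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

if __name__ == "__main__":
    print("smuggle:", desync(SMUGGLE), "->", reject_ambiguous(SMUGGLE))
    print("clean:  ", desync(CLEAN), "->", reject_ambiguous(CLEAN))
```

The practical lesson is the last function: the fix for this class is not to make one side "smarter" but to make every hop reject non-token field names and TE/CL conflicts the same way, so no request can be framed differently by two components.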

Scoring

CVSS 3.1: 8.7 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.70% probability of exploitation · percentile 48.4% · scored 2026-06-19T12:03:05Z
Published: 2026-03-27
Last modified: 2026-06-10

The vector reads as: exploitable over the network without privileges or user interaction, but with high attack complexity (the attacker needs a proxy/back-end pair whose parsers actually disagree); scope is changed because the impact lands on resources behind the proxy rather than on the proxy itself, with high confidentiality and integrity impact and no availability impact. Note that 8.7 falls in the High band (7.0–8.9) of the CVSS v3.1 qualitative scale; Critical begins at 9.0, so the CRITICAL tag on this page is stricter than the standard rating.

Underlying weaknesses · 1

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

References

  1. https://access.redhat.com/security/cve/CVE-2026-28368
  2. https://bugzilla.redhat.com/show_bug.cgi?id=2443261


Type     | Target                                                                                    | Confidence | Tier
Weakness | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (cwe-444) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2026-28369
CVE · CVE-2026-28367
CVE · CVE-2025-12543
CVE · CVE-2026-1502
CVE · CVE-2026-39858
CVE · CVE-2026-8620
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.