Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVSS 8.7
CVE-2026-28369 (EXPLOITED)
Red Hat · Red Hat build of Apache Camel for Spring Boot

Undertow: undertow: request smuggling via malformed HTTP request headers

Description

A flaw was found in Undertow. When Undertow receives an HTTP request whose first header line starts with one or more spaces, it strips the leading spaces and processes the request anyway. This behavior violates the HTTP standard and can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.

Affected Products

Vendor   | Product                                       | Versions
Red Hat  | Red Hat build of Apache Camel for Spring Boot | —

References

  • https://access.redhat.com/security/cve/CVE-2026-28369 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2443262 (issue-tracking, x_refsource_REDHAT)

Related News (3 articles)

Tier B · BSI Advisories · 9h ago
[NEW] [UNPATCHED] [high] Red Hat Undertow: Multiple vulnerabilities allow bypassing security measures
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2026-28369 | Undertow HTTP Request request smuggling
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2026-28369 | Undertow HTTP Request request smuggling
→ No new info (linked only)
CVSS 3.1: 8.7 HIGH
CISA KEV: No
Actively exploited: Yes
CWE: CWE-444
Published: 3/27/2026
Last enriched: 8h ago (v4)
Trending Score: 61
Source articles: 3
Independent: 2
Info Completeness: 8/14
Missing: versions, epss, kev, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-1961 · EXP
Foreman: foreman: remote code execution via command injection in websocket proxy
Trending: 68
HIGH · CVE-2026-28367 · EXP
Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator
Trending: 57
NONE · CVE-2026-5165 · EXP
Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset
Trending: 44
NONE · CVE-2026-5119 · EXP
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
Trending: 37
NONE · CVE-2026-4948 · EXP
Firewalld: firewalld: local unprivileged user can modify firewall state due to D-Bus setter mis-authorization
Trending: 29

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Mar 27, 2026
Discovered by ZDM: Mar 27, 2026
Updated (description, severity, activelyExploited): Mar 27, 2026
Updated (description, severity): Mar 28, 2026
Actively Exploited: Mar 30, 2026
Exploit Available: Mar 30, 2026
Updated (severity, exploitAvailable): Mar 30, 2026

Version History

Current version: v4 (last enriched 8h ago)

v4 · Tier B · 8h ago
Updated severity from NONE to HIGH and marked exploit as available.
Fields: severity, exploitAvailable
via BSI Advisories

v3 · Tier C · 2d ago
Updated severity to CRITICAL, corrected product to 'undertow', and changed exploit availability to false.
Fields: description, severity
via VulDB

v2 · Tier C · 2d ago
Updated severity to CRITICAL, changed exploit availability to false, and provided a new description with additional details.
Fields: description, severity, activelyExploited
via VulDB

v1 · 3d ago
Initial creation