CVE-2026-3260
HIGH EPSS 35.3%
Published Mar 24, 2026 (3mo ago) · Modified Jun 17, 2026 (1w ago)
7.5 CVSS 3.1
Description
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
35.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-770
Affected Products 13
| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | build_of_apache_camel_-_hawtio | 4.0 | any |
| redhat | build_of_apache_camel_for_spring_boot | 4.0 | any |
| redhat | data_grid | 8.0 | any |
| redhat | fuse | 7.0.0 | any |
| redhat | jboss_enterprise_application_platform | 7.0.0 | any |
| redhat | jboss_enterprise_application_platform | 8.0.0 | any |
| redhat | jboss_enterprise_application_platform_expansion_pack | * | any |
| redhat | process_automation | 7.0 | any |
| redhat | single_sign-on | 7.0 | any |
| redhat | undertow | * | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
| redhat | enterprise_linux | 10.0 | any |
References 2
- access.redhat.com https://access.redhat.com/security/cve/CVE-2026-3260
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2443010
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.