CVE-2026-3260

EUVD-2026-14732
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |

EPSS Score
Percentile: 70%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| redhat | build_of_apache_camel_-_hawtio | 4.0 |
| redhat | build_of_apache_camel_for_spring_boot | 4.0 |
| redhat | data_grid | 8.0 |
| redhat | fuse | 7.0.0 |
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| redhat | jboss_enterprise_application_platform | 8.0.0 |
| redhat | jboss_enterprise_application_platform_expansion_pack | - |
| redhat | process_automation | 7.0 |
| redhat | single_sign-on | 7.0 |
| redhat | undertow | - |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
