Home
MEDIUM: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Description
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
Problem types
Allocation of Resources Without Limits or Throttling
Product status
Timeline
| 2026-02-26: | Reported to Red Hat. |
| 2026-03-24: | Made public. |
References
access.redhat.com/security/cve/CVE-2026-3260
bugzilla.redhat.com/show_bug.cgi?id=2443010 (RHBZ#2443010)