VDB
CVE-2026-3260
CVE-2026-3260
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
EPSS 0.49% · 66.0th percentile
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.49%
66.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Maven | io.undertow:undertow-core | 0, 0, 0 |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 | |
| Red Hat | Red Hat Fuse 7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Process Automation 7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Red Hat | Red Hat Data Grid 8 | |
| Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
Timeline
- Mar 24, 2026 CVE Published
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 25, 2026 Coalition ESS Score
- Mar 25, 2026 PoC Published
- Mar 27, 2026 CVE Updated
- Mar 28, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score