Remote Code Execution Vulnerability in Undertow by Red Hat
CVE-2026-3260

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Apache Camel For Spring Boot 4; Red Hat Build Of Apache Camel - Hawtio 4; Red Hat Data Grid 8; Red Hat Enterprise Linux 10
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-3260?

A security flaw in Undertow allows remote attackers to exploit the server by sending an HTTP GET request with multipart/form-data content. When the application processes these parameters using methods such as getParameterMap(), it can lead to premature parsing and unauthorized storage of data on disk. This action can induce resource exhaustion, ultimately causing Denial of Service (DoS) situations, affecting system reliability and availability.

References

https://access.redhat.com/security/cve/CVE-2026-3260

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2443010

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Feb 26, 2026

CVE-2026-3260 Data

JSON