Web Application Firewall Vulnerability in ModSecurity by OWASP
CVE-2026-52761
5.8MEDIUM
What is CVE-2026-52761?
A transformation bypass vulnerability exists in the utf8toUnicode function of ModSecurity, affecting versions from 3.0.0 to 3.0.15 on the i386 architecture. This issue arises due to improper handling of buffer sizes and can lead to the bypass of security rules that utilize this transformation. It is essential for users of affected versions to upgrade to version 3.0.16, where this issue has been addressed, ensuring enhanced protection for web applications. For detailed updates, refer to the official advisories and releases on GitHub.
Affected Version(s)
ModSecurity >= 3.0.0, < 3.0.16
