Vulnerability Description
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jung-Group | Smart Visu Server Firmware | >= 1.0.830, <= 1.1.1050 |
| Jung-Group | Smart Visu Server | - |
Related Weaknesses (CWE)
References
- https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralizatThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.phpThird Party AdvisoryExploit
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.phpThird Party AdvisoryExploit
FAQ
What is CVE-2026-26234?
CVE-2026-26234 is a vulnerability with a CVSS score of 8.8 (HIGH). JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Hos...
How severe is CVE-2026-26234?
CVE-2026-26234 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-26234?
Check the references section above for vendor advisories and patch information. Affected products include: Jung-Group Smart Visu Server Firmware, Jung-Group Smart Visu Server.