Vulnerability Description
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owasp | Modsecurity | < 3.0.15 |
Related Weaknesses (CWE)
References
- https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.15PatchProduct
- https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3ExploitVendor Advisory
- https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3ExploitVendor Advisory
FAQ
What is CVE-2026-30923?
CVE-2026-30923 is a vulnerability with a CVSS score of 7.5 (HIGH). ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occur...
How severe is CVE-2026-30923?
CVE-2026-30923 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-30923?
Check the references section above for vendor advisories and patch information. Affected products include: Owasp Modsecurity.