1. Home
  2. CVE Database
  3. CVE-2026-3234
MEDIUM · 4.3

CVE-2026-3234

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting ...

Vulnerability Description

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-93

References

FAQ

What is CVE-2026-3234?

CVE-2026-3234 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting ...

How severe is CVE-2026-3234?

CVE-2026-3234 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-3234?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.