Vulnerability Description
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Build Of Apache Camel - Hawtio | 4.0 |
| Redhat | Build Of Apache Camel For Spring Boot | 4.0 |
| Redhat | Data Grid | 8.0 |
| Redhat | Fuse | 7.0.0 |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
| Redhat | Jboss Enterprise Application Platform Expansion Pack | - |
| Redhat | Process Automation | 7.0 |
| Redhat | Single Sign-On | 7.0 |
| Redhat | Undertow | - |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2026-3260Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2443010Issue TrackingVendor Advisory
FAQ
What is CVE-2026-3260?
CVE-2026-3260 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes paramete...
How severe is CVE-2026-3260?
CVE-2026-3260 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3260?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Apache Camel - Hawtio, Redhat Build Of Apache Camel For Spring Boot, Redhat Data Grid, Redhat Fuse, Redhat Jboss Enterprise Application Platform.