Vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4
CVE-2026-28367
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Se…
Vulnerability class: HTTP Request Smuggling
EPSS: 0.000 (15.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Red Hat Build Of Apache Camel For Spring Boot 4
- Red Hat Build Of Apache Camel - Hawtio 4
- Red Hat Data Grid 8
- Red Hat Enterprise Linux 10
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Fuse 7
- Red Hat Jboss Enterprise Application Platform 7
- Red Hat Jboss Enterprise Application Platform 8
- Red Hat Jboss Enterprise Application Platform Expansion Pack
Weakness classification (CWE)
References
- access.redhat.com/security/cve/CVE-2026-28367 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2443260 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2026-28367?
- CVE-2026-28367 is a high-severity vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 8.7/10. Published 2026-03-27.
- How severe is CVE-2026-28367?
- High severity. CVSS v3 base score is 8.7 out of 10.