Vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4
CVE-2026-28368
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation…
Vulnerability class: HTTP Request Smuggling
EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Red Hat Build Of Apache Camel For Spring Boot 4
- Red Hat Build Of Apache Camel - Hawtio 4
- Red Hat Data Grid 8
- Red Hat Enterprise Linux 10
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Fuse 7
- Red Hat Jboss Enterprise Application Platform 7
- Red Hat Jboss Enterprise Application Platform 8
- Red Hat Jboss Enterprise Application Platform Expansion Pack
Weakness classification (CWE)
References
- access.redhat.com/security/cve/CVE-2026-28368 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2443261 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2026-28368?
- CVE-2026-28368 is a high-severity vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 8.7/10. Published 2026-03-27.
- How severe is CVE-2026-28368?
- High severity. CVSS v3 base score is 8.7 out of 10.