Vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4
CVE-2026-28369
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP sta…
Vulnerability class: HTTP Request Smuggling
EPSS: 0.000 (15.3th percentile)
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Red Hat Build Of Apache Camel For Spring Boot 4
- Red Hat Build Of Apache Camel - Hawtio 4
- Red Hat Data Grid 8
- Red Hat Enterprise Linux 10
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Fuse 7
- Red Hat JBoss Enterprise Application Platform 7
- Red Hat JBoss Enterprise Application Platform 8
- Red Hat JBoss Enterprise Application Platform Expansion Pack
Weakness classification (CWE)
References
- access.redhat.com/security/cve/CVE-2026-28369 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2443262 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2026-28369?
  CVE-2026-28369 is a high-severity vulnerability in Red Hat Build Of Apache Camel For Spring Boot 4, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 8.7/10. Published 2026-03-27.
- How severe is CVE-2026-28369?
  High severity. CVSS v3 base score is 8.7 out of 10.