Owasp-modsecurity Modsecurity
7 CVEs affecting Owasp-modsecurity Modsecurity. Latest disclosed: 2026-05-12. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42268 | High | 7.5 | 2026-05-12 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandl… |
CVE-2026-30923 | High | 7.5 | 2026-05-05 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecuri… |
CVE-2025-48866 | High | 7.5 | 2025-06-02 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of ser… |
CVE-2025-47947 | High | 7.5 | 2025-05-21 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerabl… |
CVE-2025-52891 | Medium | 6.5 | 2025-07-02 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML… |
CVE-2025-54571 | | 2025-08-05 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can ov… | |
CVE-2025-27110 | | 2025-02-25 | Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and… |