Owasp Owasp_modsecurity_core_rule_set

9 CVEs affecting Owasp Owasp_modsecurity_core_rule_set. Latest disclosed: 2026-04-02. Critical: 3, High: 5.

Top CVEs affecting Owasp Owasp_modsecurity_core_rule_set
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-22669 | Critical | 9.8 | 2022-09-02 | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable… |
| CVE-2021-35368 | Critical | 9.8 | 2021-11-05 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. |
| CVE-2026-21876 | Critical | 9.3 | 2026-01-08 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8… |
| CVE-2022-39958 | High | 7.5 | 2022-09-20 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedl… |
| CVE-2018-16384 | High | 7.5 | 2018-09-03 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special fu… |
| CVE-2022-39957 | High | 7.3 | 2022-09-20 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset… |
| CVE-2022-39956 | High | 7.3 | 2022-09-20 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character en… |
| CVE-2022-39955 | High | 7.3 | 2022-09-20 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indica… |
| CVE-2026-33691 | Medium | 6.8 | 2026-04-02 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0… |