CVE-2026-3234

Published: Mar 12, 2026 Last Modified: Mar 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,3

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0005

Percentile

0,2th

Updated

EPSS Score Trend (Last 6 Days)

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://access.redhat.com/security/cve/CVE-2026-3234

https://bugzilla.redhat.com/show_bug.cgi?id=2442889

CVE-2026-3234

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 6 Days)

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter