CVE-2026-42268

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.

191

Integer Underflow (Wrap or Wraparound)

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Languages: C, C#, C++, Java

View CWE Details

248

Uncaught Exception

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Read Application Data

Applicable Platforms

Languages: C#, C++, Java

View CWE Details

https://github.com/owasp-modsecurity/ModSecurity/security/a…

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-…

CVE-2026-42268

Description

Integer Underflow (Wrap or Wraparound)

Common Consequences

Applicable Platforms

Uncaught Exception

Common Consequences

Applicable Platforms

Iscriviti alla newsletter