SecBoard
Zurück zur CVE-Übersicht

CVE-2026-3260

NONE
Risk Signal Score0/100 — NIEDRIG

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

Beschreibung

Rejected reason: The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks.

GitHub Advisories

GHSA-3x3v-w654-m28mMEDIUM

Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests

maven/io.undertow:undertow-core
GitHub Advisory