Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2026-3260

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap() the server prematurely parses and stores this content to disk. This could lead to resource exhaustion potentially resulting in a Denial of Service (DoS).