Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2026-28367 - Vulnerability Database
Jboss EAP

Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2026-28367

Critical
Reference: CVE-2026-28367
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-28367
Title: Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Overview:

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending rrr as a header block terminator. This can be used for request smuggling with certain proxy servers such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer potentially leading to unauthorized access or manipulation of web requests.