Is CVE-2026-28368 actively exploited?

CVE-2026-28368 has no public evidence of in-the-wild exploitation as of 2026-03-31.

What is the CVSS score for CVE-2026-28368?

CVE-2026-28368 has a CVSS score of 8.7 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.

How do I patch CVE-2026-28368?

Patch guidance is available from redhat security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-28368.

Fix CVE-2026-28368 - HIGH | CVEDatabase.com

Q: Which products are affected by CVE-2026-28368?

11 products: redhat build of apache camel - hawtio, redhat build of apache camel for spring boot, redhat data grid, redhat fuse, redhat jboss enterprise application platform, and 6 more.

Description

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector: network
Complexity: high
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: none
Weaknesses: CWE-444

Metadata

Primary Vendor: REDHAT
Published: 3/27/2026
Last Modified: 3/31/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

redhat : build_of_apache_camel_-_hawtioredhat : build_of_apache_camel_for_spring_bootredhat : data_gridredhat : fuseredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platform_expansion_packredhat : process_automationredhat : single_sign-onredhat : undertowredhat : enterprise_linux

Remediation Guidance

Executive Summary

View on NIST NVD