{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-28368/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["undertow","request-smuggling","cve-2026-28368"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-28368 is a critical vulnerability found in the Undertow web server. This flaw enables a remote attacker to craft specialized HTTP requests that Undertow parses differently compared to upstream proxies. This discrepancy allows attackers to conduct request smuggling attacks, effectively bypassing security measures and potentially gaining unauthorized access to sensitive resources. The vulnerability stems from inconsistent interpretation of HTTP requests, which is a common issue in web…\u003c/p\u003e\n","date_modified":"2026-03-28T12:00:00Z","date_published":"2026-03-28T12:00:00Z","id":"/briefs/2026-03-undertow-request-smuggling/","summary":"CVE-2026-28368 is a vulnerability in Undertow that allows a remote attacker to construct specially crafted requests, leading to request smuggling attacks and potential bypass of security controls, resulting in unauthorized resource access.","title":"Undertow Request Smuggling Vulnerability (CVE-2026-28368)","url":"https://feed.craftedsignal.io/briefs/2026-03-undertow-request-smuggling/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-28368","version":"https://jsonfeed.org/version/1.1"}