HIGHCVE-2026-26234Published Modified CNA VulnCheck
CVE-2026-26234: JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- ALBRECHT JUNG GMBH & CO. KG / JUNG Smart Visu Server1.1.1050 · 1.0.905 · 1.0.832 · 1.0.830
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N