Known Vulnerabilities for Undertow by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Undertow" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28369 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spac... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-28368 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where heade... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-28367 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminat... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2024-3884 | A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinit... | Not Provided | 2025-12-03 | 2026-04-01 |
| CVE-2021-20220 | A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-201... | 4.8 - MEDIUM | 2021-02-23 | 2022-02-22 |
| CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw al... | 7.5 - HIGH | 2022-08-26 | 2022-12-13 |
| CVE-2021-3690 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw a... | 7.5 - HIGH | 2022-08-23 | 2023-07-07 |
| CVE-2021-3629 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially ... | 5.9 - MEDIUM | 2022-05-24 | 2023-02-07 |
| CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a ... | 5.9 - MEDIUM | 2022-05-24 | 2022-11-10 |
| CVE-2020-10687 | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-20... | 4.8 - MEDIUM | 2020-09-23 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Undertow | 7.1.2 | All | All | All |
| Application | Redhat | Undertow | 2.2.4 | All | All | All |
| Application | Redhat | Undertow | 2.2.3 | All | All | All |
| Application | Redhat | Undertow | 2.2.2 | All | All | All |
| Application | Redhat | Undertow | 2.2.1 | All | All | All |
| Application | Redhat | Undertow | 2.2.0 | All | All | All |
| Application | Redhat | Undertow | 2.1.6 | All | All | All |
| Application | Redhat | Undertow | 2.1.1 | All | All | All |
| Application | Redhat | Undertow | 2.1.0 | All | All | All |
| Application | Redhat | Undertow | 2.0.9 | All | All | All |
| Application | Redhat | Undertow | 2.0.8 | All | All | All |
| Application | Redhat | Undertow | 2.0.7 | All | All | All |
| Application | Redhat | Undertow | 2.0.6 | All | All | All |
| Application | Redhat | Undertow | 2.0.5 | All | All | All |
| Application | Redhat | Undertow | 2.0.4 | All | All | All |
| Application | Redhat | Undertow | 2.0.30 | All | All | All |
| Application | Redhat | Undertow | 2.0.30 | - | All | All |
| Application | Redhat | Undertow | 2.0.30 | sp1 | All | All |
| Application | Redhat | Undertow | 2.0.3 | All | All | All |
| Application | Redhat | Undertow | 2.0.29 | All | All | All |