CVE-2026-3260

Description

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).

References

• https://access.redhat.com/security/cve/CVE-2026-3260
• https://bugzilla.redhat.com/show_bug.cgi?id=2443010