CVE-2026-3260
Denial of Service via Multipart Parsing in Undertow Server
Publication date: 2026-03-24
Last updated on: 2026-04-08
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| redhat | undertow | * |
| redhat | enterprise_linux | 8.0 |
| redhat | single_sign-on | 7.0 |
| redhat | process_automation | 7.0 |
| redhat | data_grid | 8.0 |
| redhat | jboss_enterprise_application_platform_expansion_pack | * |
| redhat | enterprise_linux | 9.0 |
| redhat | jboss_enterprise_application_platform | 8.0.0 |
| redhat | enterprise_linux | 10.0 |
| redhat | fuse | 7.0.0 |
| redhat | build_of_apache_camel_-_hawtio | 4.0 |
| redhat | build_of_apache_camel_for_spring_boot | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3260 is a vulnerability in Undertow, a web server component used in Wildfly. It occurs when a remote attacker sends an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap(), Undertow prematurely parses and stores this multipart content to disk.
This behavior is unusual because GET requests typically do not carry multipart/form-data payloads. The premature parsing and storing of this data can lead to resource exhaustion on the server.
How can this vulnerability impact me?
The vulnerability can lead to a Denial of Service (DoS) attack. Because the server unnecessarily processes and stores potentially large multipart data sent in GET requests, it can exhaust server resources such as disk space and memory.
This resource exhaustion can cause the server to become unresponsive or crash, impacting availability of the affected application or service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP GET requests that contain multipart/form-data content, which is unusual since GET requests typically do not carry such payloads.
You can inspect web server logs or use network traffic analysis tools to identify GET requests with multipart/form-data headers.
For example, using command-line tools like tcpdump or tshark to filter HTTP GET requests with multipart/form-data content might help detect exploitation attempts.
- `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'GET' | grep 'multipart/form-data'`
- `tshark -Y 'http.request.method == "GET" && http.content_type contains "multipart/form-data"' -T fields -e ip.src -e http.host -e http.request.uri`
Additionally, reviewing application logs for calls to parameter-parsing methods like getParameterMap() during GET requests may help identify vulnerable behavior. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or blocking HTTP GET requests that contain multipart/form-data content at the web server or application firewall level.
You should also update Undertow to a version where this vulnerability is fixed, as the issue arises from premature parsing and storing of multipart data on GET requests.
If updating is not immediately possible, consider implementing input validation to reject or ignore multipart/form-data content in GET requests within the application.
Monitoring resource usage to detect unusual disk or memory consumption caused by multipart data processing can also help in early detection and response.
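As an added example of the application-level stop-gap described above (this is not Undertow's own code and not the upstream fix), the following Undertow HttpHandler wraps the application handler and refuses GET or HEAD requests whose Content-Type header declares multipart/form-data, so the body never reaches form parsing or temporary-file storage. It assumes the deployment can place a handler in front of the application; the class name, listener port and the wrapped "ok" handler are placeholders chosen for the example.

```java
import io.undertow.Undertow;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import io.undertow.util.Methods;
import io.undertow.util.StatusCodes;

import java.util.Locale;

/**
 * Hypothetical guard handler (example only, not part of Undertow): rejects
 * GET/HEAD requests that declare a multipart/form-data body before the
 * wrapped application handler gets a chance to parse it.
 */
public final class RejectMultipartGetHandler implements HttpHandler {

    private final HttpHandler next;

    public RejectMultipartGetHandler(HttpHandler next) {
        this.next = next;
    }

    /** Returns true when a body-less method arrives with a multipart/form-data Content-Type. */
    static boolean shouldReject(HttpString method, String contentType) {
        boolean bodylessMethod = Methods.GET.equals(method) || Methods.HEAD.equals(method);
        if (!bodylessMethod || contentType == null) {
            return false;
        }
        // Compare only the media type; parameters such as "; boundary=..." may follow it.
        String mediaType = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        return "multipart/form-data".equals(mediaType);
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        String contentType = exchange.getRequestHeaders().getFirst(Headers.CONTENT_TYPE);
        if (shouldReject(exchange.getRequestMethod(), contentType)) {
            // Respond without touching the request body: nothing is parsed or buffered to disk.
            exchange.setStatusCode(StatusCodes.BAD_REQUEST);
            exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
            exchange.getResponseSender().send("multipart/form-data is not accepted on GET requests");
            return;
        }
        next.handleRequest(exchange);
    }

    /** Stand-alone demo: a placeholder application handler behind the guard. */
    public static void main(String[] args) {
        HttpHandler app = exchange -> exchange.getResponseSender().send("ok");
        Undertow server = Undertow.builder()
                .addHttpListener(8080, "127.0.0.1")   // placeholder listener for the example
                .setHandler(new RejectMultipartGetHandler(app))
                .build();
        server.start();
    }
}
```

The media-type comparison deliberately ignores the boundary parameter and letter case so that trivially varied headers are still matched; the same check can live in a servlet Filter for deployments that cannot change the Undertow handler chain. It is a mitigation for the unpatched window only and does not replace updating Undertow.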