CVE-2026-3234

MEDIUM

mod_proxy_cluster - CRLF Injection

Title source: llm

Description

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2026-3234

[Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2442889

Scores

CVSS v3 4.3

EPSS 0.0012

EPSS Percentile 31.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-93

Status published

Published Mar 12, 2026

Tracked Since Mar 12, 2026