CVE-2026-3234
MEDIUMmod_proxy_cluster - CRLF Injection via decodeenc() Function
Title source: llmDescription
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-3234
Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2442889
Scores
CVSS v3
4.3
EPSS
0.0033
EPSS Percentile
24.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Published
Mar 12, 2026
Tracked Since
Mar 12, 2026