CVE-2026-26234

Summary

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

Affected Software

VendorProductVersion RangeStatus
ALBRECHT JUNG GMBH & CO. KGJUNG Smart Visu Server1.1.1050affected
ALBRECHT JUNG GMBH & CO. KGJUNG Smart Visu Server1.0.905affected
ALBRECHT JUNG GMBH & CO. KGJUNG Smart Visu Server1.0.832affected
ALBRECHT JUNG GMBH & CO. KGJUNG Smart Visu Server1.0.830affected

Weaknesses

  • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References