CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection

🗓️ 12 Mar 2026 10:54:25Reported by redhatType

CVE-2026-3234: mod_proxy_cluster CRLF injection corrupts INFO responses via decodeenc without authentication.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2026-3234	12 Mar 202612:53	–	circl
CNNVD	mod_cluster 注入漏洞	12 Mar 202600:00	–	cnnvd
CVE	CVE-2026-3234	12 Mar 202610:54	–	cve
EUVD	EUVD-2026-11555	12 Mar 202612:30	–	euvd
NVD	CVE-2026-3234	12 Mar 202611:15	–	nvd
Positive Technologies	PT-2026-24940	12 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-3234	4 Mar 202623:44	–	redhatcve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-3234	6 Mar 202600:00	–	nessus
Vulnrichment	CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection	12 Mar 202610:54	–	vulnrichment

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "mod_proxy_cluster",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "mod_proxy_cluster",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Core Services",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "jbcs-httpd24-mod_proxy_cluster",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Core Services",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "mod_proxy_cluster",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_core_services:1"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-3234
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

12 Mar 2026 10:54Current

CVSS 3.14.3

EPSS0.00131

CWE-93