SUSE CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

CVE-2026-42268

A flaw was found in ModSecurity, an open-source web application firewall WAF. This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

PT-2026-36537

Name of the Vulnerable Software and Affected Versions libModSecurity3 versions prior to 3.0.15 Description A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...