CVE-2026-21876

🗓️ 08 Jan 2026 14:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 2 Views

Bug in rule 922110 of OWASP CRS before 4.22.0 and 3.3.8 overwrites TX captures in multipart requests.

Reporter	Title	Published	Views	Family All 46
GithubExploit	Exploit for CVE-2026-21876	7 Jan 202614:48	–	githubexploit
ATTACKERKB	CVE-2026-4048	20 Apr 202613:36	–	attackerkb
ATTACKERKB	CVE-2026-3518	20 Apr 202613:29	–	attackerkb
ATTACKERKB	CVE-2026-3519	20 Apr 202613:32	–	attackerkb
ATTACKERKB	CVE-2026-3517	20 Apr 202613:22	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1399)	5 Feb 202600:00	–	nessus
Tenable Nessus	Debian dla-4488 : modsecurity-crs - security update	22 Feb 202600:00	–	nessus
Tenable Nessus	Debian dsa-6105 : modsecurity-crs - security update	21 Jan 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-21876	8 Jan 202600:00	–	nessus
Amazon	Important: mod_security_crs	5 Feb 202600:00	–	amazon

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	26.04	any	modsecurity-crs	0	modsecurity-crs_0_any.deb
Ubuntu	18.04	any	modsecurity-crs	0	modsecurity-crs_0_any.deb
Ubuntu	20.04	any	modsecurity-crs	0	modsecurity-crs_0_any.deb
Ubuntu	22.04	any	modsecurity-crs	0	modsecurity-crs_0_any.deb
Ubuntu	24.04	any	modsecurity-crs	0	modsecurity-crs_0_any.deb
Ubuntu	25.10	any	modsecurity-crs	0	modsecurity-crs_0_any.deb

Source	Link
cve	www.cve.org/CVERecord
github	www.github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
github	www.github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83
github	www.github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6
github	www.github.com/coreruleset/coreruleset/releases/tag/v3.3.8
github	www.github.com/coreruleset/coreruleset/releases/tag/v4.22.0

13 Jan 2026 14:37Current

6Medium risk

Vulners AI Score6

CVSS 3.15.3 - 9.3

EPSS0.03984

SSVC

multipart processing tx captures charset risk core rule set