CVE-2026-26234 PUBLISHED

JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax

Assigner: VulnCheck
Reserved: 12.02.2026 Published: 12.02.2026 Updated: 12.02.2026

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor ALBRECHT JUNG GMBH & CO. KG
Product JUNG Smart Visu Server
Versions
  • Version 1.1.1050 is affected
  • Version 1.0.905 is affected
  • Version 1.0.832 is affected
  • Version 1.0.830 is affected

Credits

  • LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

Problem Types

  • Improper Neutralization of HTTP Headers for Scripting Syntax CWE