Fuse
This hub aggregates every CVE we track for Fuse, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
39
CVEs tracked
5
Critical
13
High
3
In CISA KEV
Severity distribution
MEDIUM14HIGH13LOW7CRITICAL5
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
1
0
5
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Fuse.
- CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7
- CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7
- CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7
- CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9
- CVE-2025-57849Fuse: privilege escalation via excessive /etc/passwd permissions6.4
- CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6
- CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5
- CVE-2024-1635Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol7.5
- CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5
- CVE-2021-4178A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and priv...6.7
- CVE-2021-3690A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from ...7.5
- CVE-2021-3597A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availab...5.9
- CVE-2020-10688A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occur...6.1
- CVE-2020-25689A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not ab...5.3
- CVE-2019-14900A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is ...6.5
Product normalization is registry-driven with AI assist and human review. How it works