VYPR
Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Mar 5, 2026

JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax

CVE-2026-26234

Description

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: = 1.0.1050
  • ALBRECHT JUNG GMBH & CO. KG/JUNG Smart Visu Serverv5
    Range: 1.1.1050

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.