High severity7.5NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-42268
CVE-2026-42268
Description
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:owasp:modsecurity:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:owasp:modsecurity:*:*:*:*:*:*:*:*range: >=3.0.0,<3.0.15
- (no CPE)range: >=3.0.0 <3.0.15
- osv-coords3 versionspkg:bitnami/modsecuritypkg:bitnami/modsecurity2pkg:rpm/opensuse/modsecurity&distro=openSUSE%20Tumbleweed
>= 3.0.0, < 3.0.15+ 2 more
- (no CPE)range: >= 3.0.0, < 3.0.15
- (no CPE)range: >= 3.0.0, < 3.0.15
- (no CPE)range: < 3.0.15-1.1
Patches
Vulnerability mechanics
References
1- github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9wnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.