CVE-2026-3234
Published: 12 March 2026
Summary
CVE-2026-3234 is a medium-severity CRLF Injection (CWE-93) vulnerability. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-11555
Vulnerability details
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
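One way a decoding step can undermine input validation, and the decode-then-validate ordering that closes the gap. This is an added illustration, not mod_proxy_cluster's decodeenc() or its fix; the function names and the sample field value are hypothetical and constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if not hex. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode s in place; returns decoded length, -1 if malformed. */
static long pct_decode(char *s) {
    char *out = s;
    for (const char *in = s; *in; in++) {
        if (*in != '%') { *out++ = *in; continue; }
        int hi = hexval((unsigned char)in[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)in[2]);
        if (lo < 0) return -1;          /* truncated or non-hex escape */
        *out++ = (char)(hi * 16 + lo);
        in += 2;
    }
    *out = '\0';
    return (long)(out - s);
}

/* Returns 1 if any control byte (CR, LF, NUL, DEL, ...) is in s[0..n). */
static int has_control(const char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)s[i] < 0x20 || s[i] == 0x7f) return 1;
    return 0;
}

/* Flawed ordering: checks the still-encoded text, so %0d%0a passes. */
int validate_encoded_only(const char *raw) { return !has_control(raw, strlen(raw)); }

/* Corrected ordering: decode first, then validate the decoded bytes. */
int decode_and_validate(char *buf) {
    long n = pct_decode(buf);
    return n >= 0 && !has_control(buf, (size_t)n);
}

int main(void) {
    char field[] = "node1%0d%0ax";      /* constructed sample value */
    printf("encoded-only check accepts: %d\n", validate_encoded_only(field));
    printf("decode-then-check accepts:  %d\n", decode_and_validate(field));
    return 0;
}
```

The length returned by the decoder is used for the check so that a decoded NUL byte cannot hide trailing content from the validator.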
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CRLF injection in network-exposed mod_proxy_cluster MCMP endpoint (no auth) directly enables remote exploitation of a public-facing application.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.