216.73.217.64

CVE-2026-52761

· Published 11/07/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-52761

Essential information

Published
11/07/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-467
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVSS metrics

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a char pointer rather than the length of the unicode buffer, allowing rules that use this transformation to be bypassed on i386 architecture. This issue is fixed in version 3.0.16.

NVD status

NVD
View on NVD