CVE-2026-26234

HIGH 8.8

JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

CWE	CWE-644
Vendor	albrecht jung gmbh & co. kg
Product	jung smart visu server
Published	Feb 12, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for albrecht jung gmbh & co. kg jung smart visu server

Be the first to know when new high vulnerabilities affecting albrecht jung gmbh & co. kg jung smart visu server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ALBRECHT JUNG GMBH & CO. KG / JUNG Smart Visu Server

1.1.1050 1.0.905 1.0.832 1.0.830

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php vulncheck.com: https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab