CVE-2026-42268
ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions from 3.0.0 up to, but not including, 3.0.15, an unsigned integer underflow in libmodsecurity3 causes an unhandled exception (std::out_of_range) if the user (administrator) uses a rule with any of the @verifySSN, @verifyCPF, or @verifySVNR operators. This vulnerability is fixed in 3.0.15.
| CWE | CWE-191 CWE-248 |
| Vendor | owasp-modsecurity |
| Product | modsecurity |
| Published | May 12, 2026 |
Affected Versions
owasp-modsecurity / ModSecurity
>= 3.0.0, < 3.0.15
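
One way to check exposure from the operator names and version range above, as an added example that is not part of the advisory or the ModSecurity project: it lists the SecRule directives that use an affected operator, but only when the engine version falls in the affected range. The function names and the sample rules are constructed, and operator names are matched case-insensitively as a conservative choice.

```python
import re

# Operators and version range are from the advisory; the sample rules are constructed.
AFFECTED_OPS = re.compile(r"@(verifySSN|verifyCPF|verifySVNR)\b", re.IGNORECASE)
FIRST_AFFECTED, FIRST_FIXED = (3, 0, 0), (3, 0, 15)

SAMPLE_RULES = r'''
# SecRule ARGS "@verifySSN \d{3}-\d{2}-\d{4}" "id:1,deny"   (commented out)
SecRule ARGS:doc "@verifyCPF \d{3}\.\d{3}\.\d{3}-\d{2}" \
    "id:1001,phase:2,deny,status:403"
SecRule REQUEST_URI "@contains /admin" "id:1002,phase:1,pass"
SecRule RESPONSE_BODY "@verifySVNR \d{10}" "id:1003,phase:4,block"
'''

def version_is_affected(version):
    """True when FIRST_AFFECTED <= version < FIRST_FIXED (e.g. '3.0.12')."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return FIRST_AFFECTED <= tuple(map(int, m.groups())) < FIRST_FIXED

def directives(conf_text):
    """Yield (first_line_no, text) per directive; comments skipped, continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = no if start is None else start
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf)

def find_affected_rules(conf_text):
    """Return [(line_no, operator)] for SecRule directives using an affected operator."""
    return [(no, m.group(1))
            for no, text in directives(conf_text)
            if text.lower().startswith("secrule")
            for m in AFFECTED_OPS.finditer(text)]

def audit(version, conf_text):
    """Rules that need attention on this engine version (empty if not exposed)."""
    return find_affected_rules(conf_text) if version_is_affected(version) else []

if __name__ == "__main__":
    for no, op in audit("3.0.12", SAMPLE_RULES):
        print(f"line {no}: rule uses @{op} on an affected libmodsecurity3 version")
```

A hit means the directive mentions an affected operator anywhere in its text, so a match inside a quoted action string is reported as well and should be reviewed by hand.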