CVE-2026-26234

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php	Third Party Advisory Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php	Third Party Advisory Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:jung-group:smart_visu_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*

History

20 Feb 2026, 15:14

Type	Values Removed	Values Added
First Time		Jung-group smart Visu Server Jung-group smart Visu Server Firmware Jung-group
References	~~() https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax -~~	() https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php - Third Party Advisory, Exploit
Summary		(es) JUNG Smart Visu Server 1.1.1050 contiene una vulnerabilidad de manipulación de encabezado de solicitud que permite a atacantes no autenticados anular URL de solicitud inyectando valores arbitrarios en el encabezado X-Forwarded-Host. Los atacantes pueden manipular solicitudes proxy para generar respuestas contaminadas, lo que permite el envenenamiento de caché, posible phishing y redirigir a los usuarios a dominios maliciosos.
CPE		cpe:2.3:o:jung-group:smart_visu_server_firmware:::::::: cpe:2.3:h:jung-group:smart_visu_server:-:::::::*

12 Feb 2026, 16:16

Type	Values Removed	Values Added
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php -

12 Feb 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-12 04:15

Updated : 2026-02-20 15:14

NVD link : CVE-2026-26234

Mitre link : CVE-2026-26234

CVE.ORG link : CVE-2026-26234

JSON object : View

Products Affected

jung-group

smart_visu_server_firmware
smart_visu_server

CWE

CWE-644

Improper Neutralization of HTTP Headers for Scripting Syntax

8.8 /10