Home / Vulnerability Intelligence / CVE-2026-26234

CVE-2026-26234 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 12, 2026

JUNG Smart Visu Server - Open Redirect

Published: February 12, 2026Updated: February 12, 2026Remote Exploitable

Overview

JUNG Smart Visu Server 1.1.1050 contains an open redirect caused by manipulation of the X-Forwarded-Host header, letting unauthenticated attackers redirect users to malicious domains, exploit requires crafted request with manipulated header.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 7.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can redirect users to malicious domains, enabling phishing and cache poisoning attacks.

Mitigation

Update to the latest version that fixes the header manipulation vulnerability.

References

Social Media Activity(1 post)

Offensive Sequence

@offseq

Feb 12, 2026

🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT

View original post

Related Resources

Details

CVE ID: CVE-2026-26234
Severity: High
CVSS Score: 8.8
Type: open_redirect
Status: unconfirmed
EPSS: 7.0%
Social Posts: 1

CWE

CWE-644

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

7.0%Probability of exploitation in the next 30 days