Data grid

This hub aggregates every CVE we track for Data grid, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Data grid.

• CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
• CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
• CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
• CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2025-5731Infinispan: credential leakage in infinispan cli5.5Jun 26, 2025
• CVE-2025-48734Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default8.8May 28, 2025
• CVE-2025-23368Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli8.1Mar 4, 2025
• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-5384Infinispan: credentials returned from configuration as clear text7.2Dec 18, 2023
• CVE-2023-5236Infinispan: circular reference on marshalling leads to dos4.4Dec 18, 2023
• CVE-2023-3629Infinispan: non-admins should not be able to get cache config via rest api4.3Dec 18, 2023
• CVE-2023-3628Infispan: rest bulk ops don't check permissions6.5Dec 18, 2023
• CVE-2023-4586Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack7.4Oct 4, 2023