Red hat data grid 8

This hub aggregates every CVE we track for Red hat data grid 8, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat data grid 8.

• CVE-2026-11577Keycloak: keycloak: privilege escalation via partialimport fgap permission bypass7.2Jun 8, 2026
• CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
• CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
• CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
• CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
• CVE-2024-4027Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks7.5Jan 30, 2026
• CVE-2026-0603Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection8.3Jan 23, 2026
• CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6Jan 7, 2026
• CVE-2024-3884Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded7.5Dec 3, 2025
• CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
• CVE-2024-6875Infinispan: infinispan: rest compare api has buffer leak6.5Mar 28, 2025
• CVE-2025-23368Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli8.1Mar 4, 2025
• CVE-2024-11831Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript5.4Feb 10, 2025
• CVE-2025-23367Org.wildfly.core:wildfly-server: wildfly improper rbac permission6.5Jan 30, 2025
• CVE-2023-4639Undertow: cookie smuggling/spoofing7.4Nov 17, 2024