Fuse

This hub aggregates every CVE we track for Fuse, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Fuse.

• CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
• CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
• CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
• CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
• CVE-2025-57849Fuse: privilege escalation via excessive /etc/passwd permissions6.4Mar 13, 2026
• CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
• CVE-2024-1635Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol7.5Feb 19, 2024
• CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
• CVE-2021-4178A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and priv...6.7Aug 24, 2022
• CVE-2021-3690A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from ...7.5Aug 23, 2022
• CVE-2021-3597A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availab...5.9May 24, 2022
• CVE-2020-10688A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occur...6.1May 27, 2021
• CVE-2020-25689A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not ab...5.3Oct 30, 2020
• CVE-2019-14900A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is ...6.5Jul 6, 2020
• CVE-2020-10719A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request...6.5May 26, 2020