Undertow Denial-of-Service Vulnerability in Multiple NetApp Products

Vulnerability

A denial-of-service vulnerability has been identified in Undertow, a web server component used in various NetApp products. This issue arises because the HTTP2SourceChannel does not properly write the final frame in certain situations, leading to a denial-of-service condition. The vulnerability affects Undertow versions prior to 2.0.35.SP1, 2.2.6.SP1, 2.2.7.SP1, 2.0.36.SP1, 2.2.9.Final, and 2.0.39.Final.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, disrupting the availability of the application or service using the affected Undertow version.

Remediation

This vulnerability has been addressed in Undertow versions 2.0.35.SP1, 2.2.6.SP1, 2.2.7.SP1, 2.0.36.SP1, 2.2.9.Final, and 2.0.39.Final. Users should upgrade to one of these versions.

Added: Apr 7, 2026, 11:23 AM
Updated: Apr 7, 2026, 11:23 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.