Undertow Multipart Data Parsing Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Undertow, specifically in its use within WildFly applications. The issue arises when a server receives an HTTP GET request with multipart/form-data content. If the application processes this data using certain parameter-parsing methods, the server inadvertently parses and writes the content to disk before it is needed. This premature handling can cause resource exhaustion, disrupting normal service operations.

Impact

Exploitation of this vulnerability leads to resource exhaustion on the server, causing a denial-of-service condition. The unnecessary parsing and disk storage of multipart data can consume significant CPU and memory resources, potentially causing the application or server to become unresponsive.
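One way to keep such requests away from the parameter-parsing path is a servlet filter that inspects only the method and Content-Type header. This is an added example, not code from Undertow, WildFly or the advisory; the class name is hypothetical, and it assumes the `jakarta.servlet` API and an application with no legitimate GET requests that carry multipart bodies.

```java
import java.io.IOException;
import java.util.Locale;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Added example (hypothetical class): refuses GET requests that declare a
// multipart/form-data body before any application code asks for parameters.
@WebFilter("/*")
public class RejectMultipartOnGetFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest http = (HttpServletRequest) req;
            // Read only the method and the header. Calling getParameter*() or
            // getParts() here would start the parsing this filter is meant to avoid.
            if (isGet(http.getMethod()) && isMultipartForm(http.getContentType())) {
                ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE,
                        "multipart/form-data is not accepted on GET");
                return; // do not pass the request further down the chain
            }
        }
        chain.doFilter(req, res);
    }

    static boolean isGet(String method) {
        return "GET".equalsIgnoreCase(method);
    }

    static boolean isMultipartForm(String contentType) {
        // The header may carry parameters such as "; boundary=...", so match the prefix.
        return contentType != null
                && contentType.trim().toLowerCase(Locale.ROOT).startsWith("multipart/form-data");
    }
}
```

The filter only helps if it runs before any filter or servlet that reads request parameters; annotation-declared filters have no guaranteed order, so declare the mapping first in `web.xml` when other filters are present.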

Added: Mar 24, 2026, 5:22 AM
Updated: Mar 24, 2026, 5:22 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.