CVE-2026-39825
published 2026-05-07

CVE-2026-39825: ReverseProxy can forward queries containing parameters not visible to Rewrite functions

Priority: P4
Severity: medium, CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.39% (31.0th percentile)
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.
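The defensive pattern the description points at is to never forward the raw query string the Rewrite did not fully inspect: parse it, fail closed on any parse error (which includes ParseQuery's parameter-count limit), enforce an explicit cap of your own so the check does not depend on the GODEBUG setting, and re-encode only the parameters you actually saw. The following is an added example written for this page, not code from Go's net/http/httputil or from its fix; MaxForwardedParams, ForwardableQuery, NewGuardedProxy and the denied-parameter list are hypothetical names chosen here, and the inputs in main are constructed to mirror the advisory's "a1=x&...&a10000=x&hidden=y" shape. It requires Go 1.20 or later for httputil.ProxyRequest.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// MaxForwardedParams is an explicit cap enforced by this example, independent of
// the GODEBUG=urlmaxqueryparams limit inside url.ParseQuery (hypothetical value).
const MaxForwardedParams = 10000

// ErrTooManyParams is returned when the query carries more parameters than we
// are willing to inspect and forward.
var ErrTooManyParams = errors.New("query has more parameters than the proxy will inspect")

// ForwardableQuery returns the query string that may reach the backend.
// It fails closed: any parse error (malformed pair, semicolon separator, or the
// ParseQuery parameter limit) rejects the whole query, and the result is rebuilt
// from the parsed values, so a parameter ParseQuery never saw cannot be forwarded.
// Keys listed in denied are stripped. Encode() sorts keys, so parameter order
// is not preserved.
func ForwardableQuery(raw string, maxParams int, denied map[string]bool) (string, error) {
	q, err := url.ParseQuery(raw)
	if err != nil {
		return "", fmt.Errorf("unparseable query: %w", err)
	}
	n := 0
	for _, vs := range q {
		n += len(vs)
	}
	if n > maxParams {
		return "", ErrTooManyParams
	}
	for k := range denied {
		delete(q, k)
	}
	return q.Encode(), nil
}

// NewGuardedProxy validates and re-encodes the query before the ReverseProxy
// ever sees the request, so the Rewrite only ever works on a query it can parse.
func NewGuardedProxy(target *url.URL, denied map[string]bool) http.Handler {
	proxy := &httputil.ReverseProxy{
		Rewrite: func(pr *httputil.ProxyRequest) {
			pr.SetURL(target) // keeps the (already cleaned) incoming query
			pr.SetXForwarded()
		},
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clean, err := ForwardableQuery(r.URL.RawQuery, MaxForwardedParams, denied)
		if err != nil {
			http.Error(w, "rejected query: "+err.Error(), http.StatusBadRequest)
			return
		}
		r.URL.RawQuery = clean // the proxy clones r, so this is what gets forwarded
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	denied := map[string]bool{"hidden": true}

	// Constructed input mirroring the advisory: 10000 dummy parameters, then one
	// that a Rewrite relying on ParseQuery alone would never see.
	parts := make([]string, 0, MaxForwardedParams+1)
	for i := 1; i <= MaxForwardedParams; i++ {
		parts = append(parts, fmt.Sprintf("a%d=x", i))
	}
	parts = append(parts, "hidden=y")
	_, err := ForwardableQuery(strings.Join(parts, "&"), MaxForwardedParams, denied)
	fmt.Println("oversized query rejected:", err != nil)

	clean, err := ForwardableQuery("user=bob&hidden=y", MaxForwardedParams, denied)
	fmt.Printf("small query forwarded as %q (err=%v)\n", clean, err)
}
```

Doing the check in an outer handler rather than inside Rewrite matters: a Rewrite function cannot abort the request, so validation there can only mutate the outbound request, whereas the wrapper can return 400 and never invoke the proxy at all.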

Affected

103 affected ranges (showing 25). Version range and fixed-in columns are not populated on this page.

Vendor · Product
3scale-amp2 · 3scale-rhel7-operator
3scale-amp2 · 3scale-rhel9-operator
advanced-cluster-security · rhacs-main-rhel8
ansible-automation-platform-26 · receptor-rhel9
ansible-automation-platform · platform-operator-bundle
build-of-trustee · trustee-rhel9-operator
buildah_project · buildah
cert-manager · jetstack-cert-manager-rhel9
compliance · openshift-compliance-operator-bundle
compliance · openshift-security-profiles-rhel8-operator
confidential-compute-attestation-tech-preview · trustee-rhel9-operator
confidential-containers · trustee
container-native-virtualization · kubevirt-apiserver-proxy-rhel9
container-native-virtualization · virt-api-rhel9
container-tools_rhel8 · buildah
container-tools_rhel8 · conmon
container-tools_rhel8 · podman
container-tools_rhel8 · skopeo
cryostat · cryostat-storage-rhel9
custom-metrics-autoscaler · custom-metrics-autoscaler-rhel9
devspaces · udi-rhel9
devworkspace · devworkspace-rhel9-operator
dvo · deployment-validation-rhel8-operator
etcd · etcd
external-secrets-operator · external-secrets-rhel9

CVSS provenance

NVD (CVSS v3.1): 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vendor (Red Hat): 5.3 MEDIUM