securityonline.info 7/6/2026, 2:35:01 AM · external

ModSecurity patches WAF bypass flaws in version 3.0.16

ModSecurity patches WAF bypass flaws in version 3.0.16
CyberSIXT Evidence Panel
Primary Source github.com
CISA KEV Not in KEV
Patch Patch Status Unknown

THE OWASP ModSecurity team has released a patch for two vulnerabilities (CVE-2026-52747 and CVE-2026-52761) in ModSecurity version 3.0.16. These vulnerabilities allow attackers to bypass Web Application Firewall (WAF) rules without causing memory corruption or crashes. The multipart parser bypass (CVE-2026-52747) can conceal payloads that rely on split line breaks, while the transformation flaw (CVE-2026-52761) affects output on i386 architectures.

Both bugs impact versions 3.0.15 and earlier, and the recommended action is to upgrade to version 3.0.16. Addressing these vulnerabilities is crucial due to ModSecurity's widespread use and its significance in web application security.

View Primary Source Via securityonline.info

Article by CyberSIXT