Home / mailings [USN-8144-1] Undertow vulnerability
Posted on 02 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8144-1
April 02, 2026
undertow vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Undertow would allow unintended access to user sessions over the network.
Software Description:
- undertow: Java web server based on non-blocking IO
Details:
It was discovered that Undertow incorrectly validated the Host header in
incoming HTTP requests. A remote attacker could possibly use this issue
to gain unintended access to user sessions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libundertow-java 2.3.8-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libundertow-java 2.2.16-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libundertow-java 2.0.29-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libundertow-java 1.4.23-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libundertow-java 1.3.16-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8144-1
CVE-2025-12543
--===============1015983309086022897==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
