PatchSiren

owasp-modsecurity CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM owasp-modsecurity CVE published 2026-07-10

CVE-2026-52761

CVE-2026-52761 is a vulnerability in ModSecurity, an open-source web application firewall engine. The t:utf8toUnicode transformation in versions 3.0.0 through 3.0.15 produces incorrect output on i386 architecture due to improper use of snprintf. This issue allows rules using this transformation to be bypassed on i386 architecture, potentially leading to security risks. The vulnerability is fixed in versio [truncated]

HIGH owasp-modsecurity CVE published 2026-07-10

CVE-2026-52747

CVE-2026-52747 is a high-severity vulnerability in ModSecurity, a web application firewall engine. The vulnerability allows attackers to bypass security rules by exploiting the multipart/form-data request body parser, which silently removes embedded line breaks from non-file form-field values. This parser differential can cause rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax d [truncated]