CVE-2026-52761 is a vulnerability in ModSecurity, an open-source web application firewall engine. The t:utf8toUnicode transformation in versions 3.0.0 through 3.0.15 produces incorrect output on i386 architecture due to improper use of snprintf. This issue allows rules using this transformation to be bypassed on i386 architecture, potentially leading to security risks. The vulnerability is fixed in versio [truncated]
CVE-2026-52747 is a high-severity vulnerability in ModSecurity, a web application firewall engine. The vulnerability allows attackers to bypass security rules by exploiting the multipart/form-data request body parser, which silently removes embedded line breaks from non-file form-field values. This parser differential can cause rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax d [truncated]