Upstream information

CVE-2026-42268 at MITRE

Description

ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by an unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule with any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15.
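
An added example (not from SUSE or the ModSecurity project): a Python check for the condition in the description, that is, a libmodsecurity3 version in the affected range together with a SecRule that uses one of the three operators. The function names, the sample configuration and the case-insensitive operator match are assumptions of this example.

```python
import re

# Operators and version range as stated in the CVE description (3.0.0 <= v < 3.0.15).
AFFECTED_OPERATORS = ("verifySSN", "verifyCPF", "verifySVNR")
FIRST_AFFECTED, FIRST_FIXED = (3, 0, 0), (3, 0, 15)
_OP_RE = re.compile(r"@(" + "|".join(AFFECTED_OPERATORS) + r")\b", re.IGNORECASE)

SAMPLE_CONF = r'''# Constructed sample configuration, not from a real deployment
SecRule ARGS "@rx foo" "id:1,phase:2,deny"
SecRule ARGS:ssn "@verifySSN \d{3}-?\d{2}-?\d{4}" \
    "id:2,phase:2,deny,log"
# SecRule ARGS "@verifyCPF x" "id:3,phase:2,deny"
SecRule REQUEST_BODY "@verifysvnr \d{10}" "id:4,phase:2,pass,log"
'''

def parse_version(text):
    """Map '3.0.14' or a package version such as '3.0.15-1.1' to an int tuple."""
    return tuple(int(part) for part in text.split("-", 1)[0].split("."))

def version_affected(text):
    return FIRST_AFFECTED <= parse_version(text) < FIRST_FIXED

def logical_lines(config_text):
    """Yield (first_line_number, text), joining backslash-continued lines."""
    buf, start = "", None
    for number, raw in enumerate(config_text.splitlines(), 1):
        start = start or number
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1] + " "
            continue
        yield start, buf + piece
        buf, start = "", None
    if buf:  # file ended on a continuation line
        yield start, buf.strip()

def find_affected_rules(config_text):
    """Return [(line_number, operator_as_written)] for active SecRule lines."""
    hits = []
    for number, line in logical_lines(config_text):
        if line.startswith("#") or not re.match(r"SecRule\b", line, re.IGNORECASE):
            continue  # skip comments and other directives
        hits += [(number, m.group(1)) for m in _OP_RE.finditer(line)]
    return hits

def exposed(version, config_text):
    """True only when both conditions from the description hold."""
    return version_affected(version) and bool(find_affected_rules(config_text))
```
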

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s): openSUSE Tumbleweed
Fixed package version(s):
  • libmodsecurity3 >= 3.0.15-1.1
  • modsecurity >= 3.0.15-1.1
  • modsecurity-devel >= 3.0.15-1.1
References:
  Patchnames: openSUSE-Tumbleweed-2026-10732


SUSE Timeline for this CVE

CVE page created: Sat May 9 11:47:38 2026
CVE page last modified: Wed May 13 11:59:54 2026