Query regarding impact of CVE-2026-24733 on Messaging Gateway
search cancel

Query regarding impact of CVE-2026-24733 on Messaging Gateway

book

Article ID: 432889

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Is Messaging Gateway affected by vulnerability stated in CVE-2026-24733?

Environment

10.9.2

Resolution

CVE-2026-24733

  • Referencing NIST: Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9.
  • SMG does not currently implement any security constraint on endpoints to allow HEAD requests but deny GET requests, hence is not vulnerable to this issue.
Powered by Wolken Software