CVE-2026-42268: ModSecurity Libinjection Boolean Failopen
greprules fetch cve-2026-42268-modsecurity-libinjection-boolean-failopen --engine opengrep
Description
Evaluating the return value of `libinjection_xss` or `libinjection_sqli` as a simple boolean or `int` drops the explicit fail-safe parser errors introduced in libinjection v4. This allows specially crafted, obfuscated payloads to induce a parser error that bypasses the WAF (fail open). Update to capture the result in an `injection_result_t` and handle both `LIBINJECTION_RESULT_TR
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided