Title: JUNG Smart Visu Server 1.1.1050 Request URL Override
Advisory ID: ZSL-2026-5970
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing
Risk: (4/5)
Release Date: 12.02.2026

Summary

The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with Amazon Alexa or Google Assistant via the Smart Visu Server.

Description

The vulnerability enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied requests through manipulation of the 'X-Forwarded-Host' header. When a malicious actor sends a request with an arbitrary value, the backend application or proxy fails to properly validate or sanitize this header, resulting in the generation of responses that incorporate the injected host as legitimate URLs or links, redirecting to the attacker's controlled domain. This can lead to persistent cache poisoning, where the tainted content is stored and served to unsuspecting users, facilitating phishing, session hijacking, or the distribution of malicious payloads.

Vendor

ALBRECHT JUNG GMBH & CO. KG - https://www.jung-group.com | https://www.jung.de

Affected Version

1.1.1050
1.0.905
1.0.832
1.0.830

Tested On

Jetty(9.2.12.v20150709)

Vendor Status

[07.02.2026] Vulnerability discovered.
[07.02.2026] Vendor contacted.
[11.02.2026] No response from the vendor.
[12.02.2026] Public security advisory released.

PoC

jung_cache.txt

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

N/A

Changelog

[12.02.2026] - Initial release

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: [email protected]