CVE-2026-3260: Rejected reason: The Undertow web server enforces a default maximum HTTP request entity size limit.
Rejected reason: The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks.





