User Agent Injection

What It Means

The user agent string associated with this request appears to contain an exploit which, if parsed, could allow an arbitrary command to run or data to be exfiltrated.

Why It Matters

Many applications log or process the User-Agent header without sanitization. Attackers embed exploit code in this header, hoping that when the application reads or stores it, the malicious payload will be executed — for example, through log injection, server-side template injection, or deserialization vulnerabilities.

Common Triggers

Requests with User-Agent headers containing shell commands, script fragments, serialized objects, or known exploit strings (such as Log4Shell-style payloads) instead of normal browser identification strings.

What To Do

These blocks are safe to leave in place. Legitimate browsers and API clients send standard User-Agent strings. No action is typically required.