CVE-2026-49975

CVE-2026-49975 affects Apache HTTP Server’s HTTP/2 (mod_http2) by incorrect cookie header accounting, causing denial of service through excessive memory/CPU usage. Affected sequences span Apache 2.4.17–2.4.67. Debian/Ubuntu advisories and NVD describe the root cause as flawed cookie handling in H...

CVE-2026-48913

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

CVE-2026-48913

CVE-2026-48913 is a Use After Free vulnerability in the Apache HTTP Server mod_http2 module, affecting versions 2.4.55 through 2.4.67. The issue occurs when file handles are already exhausted, leading to a use-after-free condition. The provided document specifies the vulnerable component (mod_htt...

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-43951

CVE-2026-43951 affects Apache HTTP Server 2.4.0–2.4.67, involving an out-of-bounds read in modules mod_headers and mod_mime across multiple response languages. Connected documents do not provide concrete exploit details or fixes. No remediation version is stated in the available data. If applicab...

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

CVE-2026-44119

CVE-2026-44119 affects Apache HTTP Server up to and including 2.4.67. The issue is an improper privilege management vulnerability that allows local .htaccess authors to read files with the privileges of the httpd user. A fix is available in version 2.4.68. Affected products: Apache HTTP Server (2...

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

CVE-2026-34355

CVE-2026-34355 describes a buffer overflow in the Apache HTTP Server’s mod_proxy_html in versions

CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

EUVD-2026-35105

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

EUVD-2026-35101

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

EUVD-2026-35099

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

EUVD-2026-35093

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

EUVD-2026-35089

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...