Apache News Articles

Recent news articles referencing the vendor's vulnerabilities.

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Ravie Lakshmanan | May 05, 2026 | Vulnerability / Server Security

2 weeks ago

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Apache fixes CVE-2026-23918 in HTTP/2; double-free flaw enables DoS and RCE, impacting version 2.4.66 users.

2 weeks ago

Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks

The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026.

2 weeks ago

6000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 Exposed Online - IT Security News

More than 6,000 internet-exposed Apache ActiveMQ instances are still vulnerable to CVE-2026-34197. This newly tracked security flaw has now been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog. The exposure data comes from The Shadow...

1 month ago

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.

1 month ago

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years.

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

CVE-2026-34197 exploited in Apache ActiveMQ; CISA KEV listing sets April 30, 2026 patch deadline, increasing enterprise RCE risk.

Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) - IT Security News

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that was introduced in the codebase 13 years ago. The…

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) - Help Net Security

Researcher used Claude to unearth CVE-2026-34197, an Apache ActiveMQ vulnerability that was introduced in the codebase 13 years ago.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands.

Years-Old Apache Struts2 Vulnerability Downloaded 325K+ Times in the Past Week

AI-discovered Apache Struts vulnerability CVE-2025-68493 is still widely used, with over 380,000 downloads of vulnerable versions in just one week.

Critical Apache Struts 2 Vulnerability Allow Attackers to Steal Sensitive Data

XML external entity (XXE) injection flaw found in Apache Struts 2, exposing millions of applications to data theft and server compromise.

Apache Struts 2 Vulnerability CVE-2025-68493 Exposes Sensitive Data

Discover the critical Apache Struts 2 vulnerability CVE-2025-68493 that exposes sensitive data. Learn how to protect your applications from data breaches and Denial-of-Service attacks.

Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data

A vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial‑of‑service and server‑side request forgery (SSRF).

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities.

Critical CVE-2025-66516 Exposes Apache Tika to XXE Attacks Across Core and Parser Modules - IT Security News

A newly disclosed vulnerability in Apache Tika has had the cybersecurity community seriously concerned because researchers have confirmed that it holds a maximum CVSS severity score of 10.0. Labeled as CVE-2025-66516, the vulnerability facilitates XXE attacks and may allow…

Over 500 Apache Tika Instances Exposed Online to Critical XXE Attacks

CVE-2025-66516, carrying the maximum CVSS severity score of 10.0, represents a significant threat to organizations deploying vulnerable versions of the widely used document processing framework.

500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online

Apache Tika servers online are affected by a critical XXE vulnerability, which could let attackers steal data or cause DoS attacks.

Apache Tika CVE Expands To Critical Multi-Module Flaw

New advisory reveals Apache Tika’s XXE flaw affects multiple modules, requiring urgent updates.

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.

CVE-2025-66516: Maximum-Severity Vulnerability in Apache Tika Could Lead to XML External Entity Injection Attack | SOC Prime

Explore details for CVE-2025-66516 vulnerability in Apache Tika, causing XML External Entity Injection, with a deep analysis on our SOC Prime blog.
