Cross-Site Scripting Vulnerability in Apache HTTP Server Mod Proxy FTP
CVE-2026-29170
6.1MEDIUM
What is CVE-2026-29170?
A cross-site scripting (XSS) vulnerability is present in the HTML directory list generation of mod_proxy_ftp in Apache HTTP Server versions 2.4.67 and earlier. This flaw may allow an attacker to inject malicious scripts via FTP directory content listings when using either forward or reverse proxy configurations. Users should immediately update to Apache HTTP Server version 2.4.68 or later to mitigate this security risk.
Affected Version(s)
Apache HTTP Server 0 <= 2.4.67