Heap-based Buffer Overflow in Apache HTTP Server Products
CVE-2026-34356
7.5 HIGH
What is CVE-2026-34356?
A heap-based buffer overflow vulnerability exists in the Apache HTTP Server. An attacker using a malicious backend server could potentially execute arbitrary code through the ProxyPassReverseCookie directive. The flaw affects versions from 2.4.0 up to 2.4.67 and requires immediate attention: upgrade to version 2.4.68, which addresses this critical security flaw.
Affected Version(s)
Apache HTTP Server 2.4.0 <= 2.4.67
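
Exposure check for the version range and directive named above. This is an added example, not code from the advisory or from the Apache project. It matches directives by the prefix ProxyPassReverseCookie, which covers mod_proxy's ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath; the banner, hostnames and configuration below are constructed sample input.

```python
import re

AFFECTED_MIN = (2, 4, 0)
AFFECTED_MAX = (2, 4, 67)                    # last affected release per the advisory
DIRECTIVE_PREFIX = "proxypassreversecookie"  # directive names are case-insensitive

# Constructed sample input: `httpd -v` banner and a reverse-proxy vhost.
SAMPLE_BANNER = "Server version: Apache/2.4.62 (Unix)"
SAMPLE_CONFIG = """\
# ProxyPassReverseCookiePath / /app/
<VirtualHost *:443>
    ProxyPass        /app/ http://backend.example.internal:8080/
    ProxyPassReverse /app/ http://backend.example.internal:8080/
    ProxyPassReverseCookieDomain backend.example.internal www.example.com
    proxypassreversecookiepath / /app/
</VirtualHost>
"""

def parse_version(banner):
    """Return (major, minor, patch) from an Apache banner, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def find_directive_lines(config_text):
    """Return (line_no, text) for active, non-comment lines using the directive."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split()[0].lower().startswith(DIRECTIVE_PREFIX):
            hits.append((no, line))
    return hits

def assess(banner, config_text):
    """Combine the version check and the config scan into one status."""
    version = parse_version(banner)
    hits = find_directive_lines(config_text)
    if version is None:
        status = "version-unknown"
    elif not is_affected(version):
        status = "not-affected-version"
    else:
        status = "affected-and-directive-in-use" if hits else "affected-version-directive-not-found"
    return {"version": version, "status": status, "directive_lines": hits}

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Run it against every file pulled in by Include directives, not only the main configuration file. Distribution packages may backport fixes without changing the upstream version string, so confirm a banner-based result against the vendor's package changelog.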