Buffer Over-read Vulnerability in Apache HTTP Server by Apache
CVE-2026-44185

7.3HIGH

Key Information:

Vendor

Apache

Vendor
CVE Published:
8 June 2026

What is CVE-2026-44185?

A vulnerability exists in the Apache HTTP Server that can lead to a buffer over-read. This occurs when outbound OCSP requests are sent to an attacker-controlled OCSP server, potentially revealing sensitive information. It is crucial for users of affected versions, from 2.4.0 to 2.4.67, to upgrade to version 2.4.68 or later to mitigate this risk and safeguard their systems from exploitation.

Affected Version(s)

Apache HTTP Server 2.4.0 <= 2.4.67

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zhenpeng (Leo) Lin at depthfirst
.