Infinite Loop Vulnerability in Apache HTTP Server's mod_proxy_ftp Module
CVE-2026-44186
7.3HIGH
What is CVE-2026-44186?
A vulnerability exists in the mod_proxy_ftp module of the Apache HTTP Server, allowing for the potential occurrence of an infinite loop during processing requests from attackers controlling backend FTP servers. This issue affects various versions of the server up to 2.4.67. Users are strongly advised to upgrade to version 2.4.68 or later to mitigate this issue. This vulnerability can lead to denial of service conditions, impacting server performance and availability.
Affected Version(s)
Apache HTTP Server 2.4.0 <= 2.4.67