Buffer Underwrite Vulnerability in Apache HTTP Server by Apache Software Foundation
CVE-2026-44631
9.8CRITICAL
What is CVE-2026-44631?
This vulnerability allows an attacker to exploit the way Apache HTTP Server handles crafted regular expressions in configuration files, potentially leading to unexpected behaviors or system instability. All users are encouraged to upgrade to version 2.4.68 to mitigate this issue.
Affected Version(s)
Apache HTTP Server 2.4.0 <= 2.4.67
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Zhenpeng (Leo) Lin at depthfirst
Bartlomiej Dmitruk