Buffer Underwrite Vulnerability in Apache HTTP Server by Apache Software Foundation
CVE-2026-44631

9.8CRITICAL

Key Information:

Vendor

Apache

Vendor
CVE Published:
8 June 2026

What is CVE-2026-44631?

This vulnerability allows an attacker to exploit the way Apache HTTP Server handles crafted regular expressions in configuration files, potentially leading to unexpected behaviors or system instability. All users are encouraged to upgrade to version 2.4.68 to mitigate this issue.

Affected Version(s)

Apache HTTP Server 2.4.0 <= 2.4.67

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zhenpeng (Leo) Lin at depthfirst
Bartlomiej Dmitruk
.