CVE Catalog

CVE-2026-34355

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.69%

48th percentile - higher than 48% of all known CVEs

Summary

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service, compromising server confidentiality and availability.

Recommendation

Upgrade Apache HTTP Server to version 2.4.68 immediately, which fixes this issue.

Original NVD description (English source)

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS