CVE Catalog
CVE-2026-34356
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.04%
12th percentile - higher than 12% of all known CVEs
Summary
CVE-2026-34356 is a heap-based buffer overflow vulnerability in Apache HTTP Server that can be exploited by malicious backend servers and the ProxyPassReverseCookie function.
Risk Assessment
This vulnerability may lead to unauthorized access to the system or data leakage, posing a significant security risk to the organization.
Recommendation
It is recommended to upgrade to version 2.4.68, which fixes this issue.
Original NVD description (English source)
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

