CVE Catalog

CVE-2026-34356

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

CVE-2026-34356 is a heap-based buffer overflow vulnerability in Apache HTTP Server that can be exploited by malicious backend servers and the ProxyPassReverseCookie function.

Risk Assessment

This vulnerability may lead to unauthorized access to the system or data leakage, posing a significant security risk to the organization.

Recommendation

It is recommended to upgrade to version 2.4.68, which fixes this issue.

Original NVD description (English source)

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS