CVE Catalog

CVE-2026-40435

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile - higher than 13% of all known CVEs

Summary

A vulnerability in the httpd server causes IP-based access restrictions to not cover all endpoints when configured. This may allow connections from addresses that should be blocked.

Risk Assessment

The risk is that an organization may unknowingly allow access to sensitive resources from unauthorized IP addresses, potentially leading to network security breaches.

Recommendation

It is recommended to immediately update the httpd server to the latest version containing the fix. Also review the IP access rule configuration to ensure it covers all endpoints.

Original NVD description (English source)

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS