CVE Catalog

CVE-2026-42536

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.61%

45th percentile - higher than 45% of all known CVEs

Summary

A heap-based buffer overflow vulnerability in Apache HTTP Server exists in the mod_xml2enc module when processing untrusted content via the xml2StartParse function. Affected versions are from 2.4.0 through 2.4.67.

Risk Assessment

An attacker can remotely cause a server crash or potentially execute arbitrary code, compromising the confidentiality, integrity, and availability of the system.

Recommendation

Immediately upgrade Apache HTTP Server to version 2.4.68, which includes the fix for this vulnerability.

Original NVD description (English source)

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS