CVE-2026-44185
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
A Buffer Over-read vulnerability in Apache HTTP Server occurs when sending outbound OCSP requests to an attacker-controlled OCSP server. The issue affects versions from 2.4.0 through 2.4.67.
Risk Assessment
An attacker can exploit this vulnerability to read data beyond the buffer, potentially leading to disclosure of sensitive information or server instability.
Recommendation
It is recommended to immediately upgrade Apache HTTP Server to version 2.4.68, which fixes this vulnerability.
Original NVD description (English source)
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

