CVE Catalog

CVE-2026-44185

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

44th percentile - higher than 44% of all known CVEs

Summary

A Buffer Over-read vulnerability in Apache HTTP Server occurs when sending outbound OCSP requests to an attacker-controlled OCSP server. The issue affects versions from 2.4.0 through 2.4.67.

Risk Assessment

An attacker can exploit this vulnerability to read data beyond the buffer, potentially leading to disclosure of sensitive information or server instability.

Recommendation

It is recommended to immediately upgrade Apache HTTP Server to version 2.4.68, which fixes this vulnerability.

Original NVD description (English source)

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS