CVE Catalog

CVE-2026-44186

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

25th percentile - higher than 25% of all known CVEs

Summary

An 'Infinite Loop' vulnerability in the mod_proxy_ftp module of the Apache HTTP Server occurs when an attacker controls the backend FTP server. This issue affects versions from 2.4.0 through 2.4.67.

Risk Assessment

An attacker can cause the server to enter an infinite loop, leading to resource exhaustion and potential service unavailability.

Recommendation

It is recommended to upgrade to version 2.4.68, which fixes the issue.

Original NVD description (English source)

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS