CVE-2026-44186
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
An 'Infinite Loop' vulnerability in the mod_proxy_ftp module of the Apache HTTP Server occurs when an attacker controls the backend FTP server. This issue affects versions from 2.4.0 through 2.4.67.
Risk Assessment
An attacker can cause the server to enter an infinite loop, leading to resource exhaustion and potential service unavailability.
Recommendation
It is recommended to upgrade to version 2.4.68, which fixes the issue.
Original NVD description (English source)
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

