CVE Catalog

CVE-2026-44631

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

32th percentile — higher than 32% of all known CVEs

Summary

CVE-2026-44631 describes a buffer underwrite vulnerability in Apache HTTP Server caused by crafted regular expressions in the configuration. It affects versions from 2.4.0 to 2.4.67.

Risk Assessment

Organizations using vulnerable versions of Apache HTTP Server may be exposed to attacks that could lead to unauthorized access or system instability.

Recommendation

It is recommended to upgrade to version 2.4.68, which fixes the issue.

Original NVD description (English source)

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS