CVE-2026-49975
HighCVSS 7.5Exploitation Probability (EPSS)
Very high risk96th percentile - higher than 96% of all known CVEs
Summary
A memory allocation with excessive size vulnerability in Apache HTTP Server's mod_http allows an attacker to cause a denial of service via malicious HTTP requests. The issue affects versions from 2.4.17 through 2.4.67.
Risk Assessment
An attacker can remotely exhaust server memory, leading to crashes or service unavailability, disrupting web applications and potentially impacting business continuity.
Recommendation
Immediately upgrade Apache HTTP Server to version 2.4.68 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

