CVE Catalog

CVE-2026-49975

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
11.47%

96th percentile - higher than 96% of all known CVEs

Summary

A memory allocation with excessive size vulnerability in Apache HTTP Server's mod_http allows an attacker to cause a denial of service via malicious HTTP requests. The issue affects versions from 2.4.17 through 2.4.67.

Risk Assessment

An attacker can remotely exhaust server memory, leading to crashes or service unavailability, disrupting web applications and potentially impacting business continuity.

Recommendation

Immediately upgrade Apache HTTP Server to version 2.4.68 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS