Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

View on NVD

Analysis

Apache HTTP Server versions 2.4.0 through 2.4.67 are affected by a critical buffer underwrite vulnerability. Exploitation of crafted regular expressions in the server configuration could lead to remote code execution or complete server compromise. Administrators should upgrade to version 2.4.68 immediately.

Relevant roles

BackendCloudLinuxDockerCyberSecurity

Severity

Score: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-124

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Published: 6/8/2026, 4:16:40 PM
Last modified: 6/8/2026, 11:17:24 PM

References

HomeEventsBlogResourcesTeam