Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Ver en NVD

Análisis

Apache HTTP Server versions 2.4.0 through 2.4.67 are affected by a critical buffer underwrite vulnerability. Exploitation of crafted regular expressions in the server configuration could lead to remote code execution or complete server compromise. Administrators should upgrade to version 2.4.68 immediately.

Roles relevantes

BackendCloudLinuxDockerCyberSecurity

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-124

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Descripción técnica

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Publicada: 8/6/2026, 16:16:40
Última modificación: 8/6/2026, 23:17:24

Referencias

InicioEventosBlogRecursosEquipo