CVE Vulnerabilities

CVE-2026-44185

Buffer Over-read

Published: Jun 08, 2026 | Modified: Jul 02, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.3 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Weakness

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Affected Software

NameVendorStart VersionEnd Version
Http_serverApache2.4.0 (including)2.4.68 (excluding)
Red Hat Enterprise Linux 10RedHathttpd-0:2.4.63-13.el10_2.4*
Apache2Ubuntudevel*
Apache2Ubuntuupstream*

References