CVE Vulnerabilities

CVE-2026-44631

Buffer Underwrite ('Buffer Underflow')

Published: Jun 08, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.7 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Weakness

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Affected Software

NameVendorStart VersionEnd Version
Http_serverApache2.4.0 (including)2.4.68 (excluding)
Red Hat Enterprise Linux 10RedHathttpd-0:2.4.63-13.el10_2.4*
Apache2Ubuntudevel*
Apache2Ubuntuupstream*

Potential Mitigations

References