CVE-2026-34355

7.5 HIGH

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend

Published: 2026-06-08 · Last updated: 2026-06-09

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-122

Affected products

Vendor	Product
apache	http_server

Description

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34355
[Vendor advisory]https://httpd.apache.org/security/vulnerabilities_24.html
[Other]http://www.openwall.com/lists/oss-security/2026/06/08/6

Related CVEs

Same vendor

CVE-2026-34905 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-34031 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-33582 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
CVE-2026-25688 — Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer (6.1 MEDIUM)

Same CWE

CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
CVE-2026-48994 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
CVE-2026-46692 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
CVE-2026-46520 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2026-2049 — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8 HIGH)