Description
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in mod_ldap can be exploited remotely to execute arbitrary code.
- Cross-site scripting (XSS) vulnerability in mod_proxy_ftp can be exploited to perform cross-site scripting attack.
- A remote code execution vulnerability in mod_proxy_html can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in proxy handling can be exploited remotely to execute arbitrary code.
- Security vulnerability in mod_dav_fs can be exploited to bypass security restrictions.
- Denial of service vulnerability in mod_xml2enc can be exploited remotely to cause denial of service.
- Denial of service vulnerability in `merge_response_headers` can cause crash can be exploited remotely to cause denial of service.
- Security vulnerability in Apache HTTP Server can be exploited to bypass security restrictions.
- A remote code execution vulnerability in mod_ssl can be exploited remotely to execute arbitrary code.
- Security vulnerability in mod_proxy_ftp can be exploited to bypass security restrictions.
- A remote code execution vulnerability in `ap_regname` via Signed Char Overflow can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in mod_http2 can be exploited remotely to execute arbitrary code.
- Denial of service vulnerability in mod_http2 can be exploited remotely to cause denial of service.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2026-49975 critical
- CVE-2026-29167 critical
- CVE-2026-29170 high
- CVE-2026-34355 critical
- CVE-2026-34356 critical
- CVE-2026-42535 critical
- CVE-2026-42536 critical
- CVE-2026-43951 high
- CVE-2026-44119 high
- CVE-2026-44185 high
- CVE-2026-44186 high
- CVE-2026-44631 critical
- CVE-2026-48913 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!