Apache http server
This hub aggregates every CVE we track for Apache http server, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
339
CVEs tracked
41
Critical
110
High
6
In CISA KEV
Severity distribution
MEDIUM175HIGH110CRITICAL41LOW13
Monthly trend
11
0
0
0
0
0
0
0
0
1
0
0
9
0
0
0
0
5
0
0
0
0
11
13
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Apache http server.
- CVE-2026-49975Apache HTTP Server: mod_http2 denial of service7.5
- CVE-2026-48913Apache HTTP Server: mod_http2 memory corruption when file handles exhausted7.3
- CVE-2026-42536Apache HTTP Server: mod_xml2enc heap overflow7.5
- CVE-2026-44185Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`7.3
- CVE-2026-34355Apache HTTP Server: mod_proxy_html buffer overflow7.5
- CVE-2026-44631Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow9.8
- CVE-2026-44119Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules5.5
- CVE-2026-43951Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash6.5
- CVE-2026-42535Apache HTTP Server: mod_dav_fs protected directory access9.1
- CVE-2026-34356Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow7.5
- CVE-2026-44186Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp7.3
- CVE-2026-29170Apache HTTP Server: mod_proxy_ftp XSS6.1
- CVE-2026-29167Apache HTTP Server: mod_ldap per-dir use-after-free9.8
- CVE-2026-28780Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()9.8
- CVE-2026-29168Apache HTTP Server: mod_md unrestricted OCSP response7.3
Product normalization is registry-driven with AI assist and human review. How it works