CVE-2025-58136
Apache Traffic Server: A simple legitimate POST request causes a crash
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).
| CWE | CWE-670 |
| Vendor | apache software foundation |
| Product | apache traffic server |
| Published | Apr 2, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for apache software foundation apache traffic server
Be the first to know when new high vulnerabilities affecting apache software foundation apache traffic server are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Apache Software Foundation / Apache Traffic Server
10.0.0 ≤ 10.1.1 9.0.0 ≤ 9.2.12