CVE-2026-49975
Apache HTTP Server: mod_http2 denial of service
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
5th
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
| CWE | CWE-789 |
| Vendor | apache software foundation |
| Product | apache http server |
| Published | Jun 8, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for apache software foundation apache http server
Be the first to know when new high vulnerabilities affecting apache software foundation apache http server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apache Software Foundation / Apache HTTP Server
2.4.17 โค 2.4.67
References
httpd.apache.org: https://httpd.apache.org/security/vulnerabilities_24.html openwall.com: http://www.openwall.com/lists/oss-security/2026/06/03/3 lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html openwall.com: http://www.openwall.com/lists/oss-security/2026/06/08/16
Credits
Quang Luong of Calif.IO in collaboration with OpenAI Codex