CVE-2026-59173
Apache Traffic Server: DoS vulnerability in HTTP/2 via stalled flow-control conditions
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2. Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue.
| CWE | CWE-400 |
| Vendor | apache software foundation |
| Product | apache traffic server |
| Published | Jul 18, 2026 |
| Last Updated | Jul 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for apache software foundation apache traffic server
Be the first to know when new unknown vulnerabilities affecting apache software foundation apache traffic server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apache Software Foundation / Apache Traffic Server
9.0.0 โค 9.2.13 10.0.0 โค 10.1.2
References
Credits
๐ Okta Red Team