PatchSiren cyber security CVE debrief
CVE-2026-29170 Apache CVE debrief
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
- Vendor: Apache
- Product: HTTP Server
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Users of Apache HTTP Server 2.4.67 and earlier
Technical summary
The vulnerability has a CVSS score of 6.1 and is classified as MEDIUM. It exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Apache HTTP Server version 2.4.68 or later
Evidence notes
The vulnerability has been analyzed and is classified under CWE-79.
Official resources
- CVE-2026-29170 CVE record (CVE.org)
- CVE-2026-29170 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-29170 was published on 2026-06-08T16:16:38.093Z and modified on 2026-06-09T16:21:31.310Z.