PatchSiren cyber security CVE debrief
CVE-2026-34355 Apache CVE debrief
CVE-2026-34355 is a HIGH severity vulnerability in Apache HTTP Server 2.4.67 and earlier. The vulnerability is caused by a buffer overflow in mod_proxy_html, which allows an attack by an untrusted backend. The CVSS score is 7.5. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
- Vendor
- Apache
- Product
- HTTP Server
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of Apache HTTP Server 2.4.67 and earlier should upgrade to version 2.4.68 to fix this vulnerability.
Technical summary
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Apache HTTP Server version 2.4.68 or later.
Evidence notes
The vulnerability is caused by a buffer overflow in mod_proxy_html, which allows an attack by an untrusted backend.
Official resources
-
CVE-2026-34355 CVE record
CVE.org
-
CVE-2026-34355 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108 - Mailing List
CVE-2026-34355 was published on [2026-06-08T16:16:38.387Z].