PatchSiren cyber security CVE debrief
CVE-2026-43951 Apache CVE debrief
CVE-2026-43951 is a MEDIUM-severity vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.67. It is an out-of-bounds read that occurs when mod_headers and mod_mime are used with multiple response languages.
- Vendor: Apache
- Product: HTTP Server
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-11
Who should care
Users of Apache HTTP Server versions from 2.4.0 through 2.4.67 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 6.5 and is classified as CWE-125. It can be exploited over the network with low attack complexity and requires no user interaction.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patches or updates provided by the vendor to fix the vulnerability.
- Refer to the vendor's advisory for more information: [ref-4](https://httpd.apache.org/security/vulnerabilities_24.html).
- Consider subscribing to the Apache HTTP Server security mailing list for future updates: [ref-5](http://www.openwall.com/lists/oss-security/2026/06/08/10).
Evidence notes
The CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
- CVE-2026-43951 CVE record: CVE.org
- CVE-2026-43951 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-43951 was published on 2026-06-08T16:16:40.087Z and modified on 2026-06-11T04:00:11.043Z.