PatchSiren cyber security CVE debrief
CVE-2026-44631 Apache CVE debrief
A Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
- Vendor
- Apache
- Product
- HTTP Server
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-11
Who should care
Users of Apache HTTP Server versions from 2.4.0 through 2.4.67
Technical summary
The vulnerability is a Buffer Underwrite issue in Apache HTTP Server, which can be triggered by crafted regular expressions in the configuration. The Common Vulnerabilities and Exposures (CVE) score for this issue is 9.8, indicating a Critical severity level.
Defensive priority
high
Recommended defensive actions
- Upgrade to Apache HTTP Server version 2.4.68 or later
Evidence notes
The vulnerability affects Apache HTTP Server versions from 2.4.0 through 2.4.67.
Official resources
-
CVE-2026-44631 CVE record
CVE.org
-
CVE-2026-44631 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-44631 was published on [2026-06-08T16:16:40.583Z](https://www.cve.org/CVERecord?id=CVE-2026-44631) and modified on [2026-06-11T04:01:49.173Z](https://nvd.nist.gov/vuln/detail/CVE-2026-44631).