CVE-2026-34059
Buffer Over-read in Apache HTTP Server
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: Apache Software Foundation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | http_server | up to 2.4.67 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read issue in the Apache HTTP Server. It occurs in versions up to 2.4.66 and involves the server reading more data than it should from a buffer, which can lead to exposure of sensitive information or cause unexpected behavior.
How can this vulnerability impact me?
The impact of this vulnerability can be significant as it allows an attacker to read sensitive data from the server's memory without authorization. According to the CVSS score of 7.5, it is a high-severity issue that can lead to confidentiality breaches, although it does not affect integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are recommended to upgrade Apache HTTP Server to version 2.4.67, which contains the fix for the buffer over-read issue.