Vulnerability intelligence

CVE-2026-34355

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

CVSS Score

7.5

High

EPSS — Exploit Probability

0.2%

Riskier than 41% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 9, 2026 · latest Jun 9, 2026

Coverage timeline

Apache HTTP Server 2.4.68 fixes critical bugs to protect systems
securityonline.info · Jun 9, 2026