Vulnerability intelligence

CVE-2026-34356

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

CVSS Score

7.5

High

EPSS — Exploit Probability

0.2%

Riskier than 41% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 9, 2026 · latest Jun 9, 2026

Coverage timeline

Apache HTTP Server 2.4.68 fixes critical bugs to protect systems
securityonline.info · Jun 9, 2026