
Apache HTTP Server CVE-2026-44631

EUVD-2026-35095 · CRITICAL
Buffer Underwrite ('Buffer Underflow') (CWE-124)
Published 2026-06-08 · Vendor: apache · GHSA-9jv8-9586-5r34
CVSS 3.1 base score: 9.8

Severity by source

Vendor (apache), PRIMARY
  CVSS 3.1 base score 9.8; vendor qualitative rating: LOW
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vuln.today AI
  CVSS 3.1 base score 6.6, MEDIUM
  Configuration write access (PR:H) is required to insert the crafted regex; AC:H reflects the dependency on a non-default configuration, even though the trigger itself is network-reachable.
  CVSS 3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVSS 4.0 vector: AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SUSE
  CVSS 3.1 base score 5.9, MEDIUM
  AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Red Hat
  7.7, MEDIUM (qualitative rating)

Primary rating from Vendor (apache).

CVSS Vector (Vendor: apache)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events, newest first)

Jun 11, 2026 04:07  NVD                      Severity changed: LOW -> CRITICAL
Jun 11, 2026 04:07  NVD                      CVSS changed: 9.8 (LOW) -> 9.8 (CRITICAL)
Jun 10, 2026 18:58  vendor-first correction  Severity changed: CRITICAL -> LOW
Jun 08, 2026 21:22  vuln.today               Analysis generated
Jun 08, 2026 21:22  NVD                      CVSS changed: 9.8 (CRITICAL)
Jun 08, 2026 15:19  nvd                      CVE published: CRITICAL 9.8
Jun 08, 2026 15:19  nvd                      CVE published: UNKNOWN (no severity yet)

Description (source: CVE.org)

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Analysis (AI)

Apache HTTP Server 2.4.0-2.4.67 has a buffer underwrite (CWE-124) in ap_regname, triggered by a crafted regular expression in the server configuration. The vendor (Apache) rates this Low severity. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: identify httpd 2.4.0-2.4.67 with regex directives
Delivery: inject crafted regex via .htaccess or config input
Exploit: trigger config (re)load by httpd
Install: regex parser performs buffer underwrite
C2: corrupt adjacent heap memory
Execute: hijack control flow in worker process
Impact: execute code as httpd user

Vulnerability Assessment (AI)

Exploitation: The advisory states the vulnerable input is a 'crafted regular expression in the configuration,' so exploitation requires httpd to parse an attacker-influenced regex pattern in a configuration context, typically a RewriteRule, LocationMatch, DirectoryMatch, FilesMatch, or ProxyPassMatch directive in httpd.conf, an Include file, or a .htaccess file on a server where AllowOverride permits such directives. Of these, only RewriteRule (which needs AllowOverride FileInfo or All) and FilesMatch are accepted in .htaccess at all; LocationMatch, DirectoryMatch and ProxyPassMatch are server-config or virtual-host directives. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Severity is contested. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: On a shared-hosting server where AllowOverride permits regex-bearing directives, a tenant uploads an .htaccess containing a malicious RewriteRule pattern; when httpd parses the regex it underwrites a buffer, corrupting memory in the worker process and potentially yielding code execution as the httpd user. No public exploit had been identified at the time of analysis, so this is a plausible but unproven path. The vendor's network attack vector may indicate a remote regex ingestion path that the public advisory does not describe; that is an inference from the vector, not a documented trigger.

Remediation: Vendor-released patch: 2.4.68. Upgrade httpd to 2.4.68 or later from https://httpd.apache.org/ and consult the official advisory at https://httpd.apache.org/security/vulnerabilities_24.html for build-specific notes. … Detailed patch versions, workarounds, and compensating controls in full report.
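As an added example (not code from vuln.today or the Apache project), the following script checks the two conditions the assessment hinges on: an httpd build inside the affected range 2.4.0 through 2.4.67, and a configuration that lets .htaccess authors supply regex-bearing directives. The version range comes from the advisory text; the keyword list assumes RewriteRule is the directive of interest, so it flags AllowOverride All or FileInfo and any AllowOverrideList that names RewriteRule. The `httpd -v` banner and the httpd.conf fragment below are constructed for the demonstration.

```python
"""Pre-patch exposure checks for CVE-2026-44631 (added example, not vuln.today or
Apache code). Two questions: is this httpd in 2.4.0 .. 2.4.67, and does the
configuration admit .htaccess RewriteRule (AllowOverride FileInfo/All or an
AllowOverrideList naming it)? Sample banner and config are constructed.
"""
import re
from typing import List, Tuple

AFFECTED_MAX_PATCH = 67          # advisory: 2.4.0 through 2.4.67 affected
FIXED_VERSION = "2.4.68"         # advisory: fixed in 2.4.68

# AllowOverride / AllowOverrideList keywords that let a .htaccess author use
# RewriteRule. httpd keywords are case-insensitive, hence lower-case here.
PERMISSIVE = {"all", "fileinfo", "rewriterule"}


def httpd_version(banner: str) -> str:
    """Extract x.y.z from `httpd -v` output such as
    'Server version: Apache/2.4.67 (Unix)'."""
    m = re.search(r"^Server version:\s*Apache/(\d+\.\d+\.\d+)", banner, re.M)
    if not m:
        raise ValueError("no 'Server version: Apache/x.y.z' line in banner")
    return m.group(1)


def is_affected(version: str) -> bool:
    """True when version is within 2.4.0 .. 2.4.67. A distro suffix such as
    '2.4.67-3' is ignored; a backported fix is not visible in the version and
    needs a package changelog check."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor) == (2, 4) and patch <= AFFECTED_MAX_PATCH


def permissive_overrides(conf_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for every AllowOverride or AllowOverrideList
    line whose keywords include All, FileInfo or RewriteRule. Comment lines
    start with '#'; httpd has no inline comments, so nothing else is stripped."""
    hits = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"AllowOverride(List)?\s+(.*)$", line, re.I)
        if not m:
            continue
        keywords = {word.lower() for word in m.group(2).split()}
        if keywords & PERMISSIVE:
            hits.append((n, raw.rstrip()))
    return hits


def assess(banner: str, conf_text: str) -> dict:
    """Combine both checks into one result for a host."""
    version = httpd_version(banner)
    return {
        "version": version,
        "affected": is_affected(version),
        "permissive_overrides": permissive_overrides(conf_text),
    }


# Constructed inputs for the demonstration.
SAMPLE_BANNER = (
    "Server version: Apache/2.4.67 (Unix)\n"
    "Server built:   Jun  1 2026 12:00:00\n"
)
SAMPLE_CONF = """\
# constructed httpd.conf fragment
<Directory "/srv/www/tenants">
    AllowOverride All
</Directory>
<Directory "/srv/www/static">
    AllowOverride None
</Directory>
<Directory "/srv/www/legacy">
    allowoverride AuthConfig FileInfo
</Directory>
<Directory "/srv/www/app">
    AllowOverrideList RewriteRule RewriteCond
</Directory>
<Directory "/srv/www/docs">
    AllowOverride Options Indexes
</Directory>
"""

if __name__ == "__main__":
    result = assess(SAMPLE_BANNER, SAMPLE_CONF)
    if result["affected"]:
        print(f"httpd {result['version']}: in affected range, upgrade to {FIXED_VERSION}")
    else:
        print(f"httpd {result['version']}: outside affected range")
    for n, line in result["permissive_overrides"]:
        print(f"  line {n}: {line.strip()}  <- admits .htaccess RewriteRule")
```

On a real host, feed `httpd_version` the output of `httpd -v` (or `apache2 -v` on Debian-derived systems) and `permissive_overrides` the contents of each configuration file, including anything pulled in by Include. Two caveats: a distribution package can carry the fix as a backport while still reporting 2.4.67 or lower, so treat `is_affected` as a prompt to check the package changelog rather than a verdict; and the scan only covers the .htaccess path, since server-config directives such as LocationMatch or ProxyPassMatch can only be reached by someone who already edits the main configuration.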

Recommended Action (AI)

Now: upgrade Apache HTTP Server to 2.4.68, which fixes the issue. …


Vendor Status

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected
