CVEFinder.io

CVE-2026-34355

⚠️ high
πŸ” Scan for this CVE
Summary

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

CVSS Score
7.5
High
EPSS Score
0.6
Exploit Probability
Published Date
2026-06-08
First Seen: 2026-06-09
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 328,009 vulnerabilities in our database.

#101,817
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 8, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
YES
Can be exploited automatically
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Elhanan Haenel Junhui Lee
SSVC data provided by CISA
Last Modified 2026-06-09
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-122

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
apache http_server Affected
> 2.4.0 < 2.4.68

πŸ”— References 2

https://httpd.apache.org/security/vulnerabilities_24...
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/06/08/6
Mailing List

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-29167 β›” critical 9.8 0.7 Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apac... 2026-06-08
CVE-2026-29170 πŸ”Ά medium 6.1 0.6 A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.... 2026-06-08
CVE-2026-34356 ⚠️ high 7.5 0.7 Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie... 2026-06-08
CVE-2026-42535 β›” critical 9.1 0.6 A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierΒ allows a WebDAV content author to directly manipulate ... 2026-06-08
CVE-2026-42536 ⚠️ high 7.5 0.5 Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content ... 2026-06-08
CVE-2026-43951 πŸ”Ά medium 6.5 0.5 Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. T... 2026-06-08
These CVEs affect the same products