CVE-2026-34032

MEDIUM severity · CVSS 5.3 · Out-of-bounds read

5.3CVSS MEDIUM

Summary

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactLow

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products we track (1)

Apache HTTP Server

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
https://httpd.apache.org/security/vulnerabilities_24.htmlAdvisory
http://www.openwall.com/lists/oss-security/2026/05/04/16Advisory