Critical Vulnerabilities Found in Apache HTTP Server Affecting Multiple Modules

Critical Vulnerabilities Found in Apache HTTP Server Affecting Multiple Modules

First seen 8 Jul 2026, 20:52 UTC UbuntuLinuxsecurity 95% similarity 74.0

Article Content

Browse articles
ThreatCluster

On July 8, 2026, multiple vulnerabilities were disclosed in the Apache HTTP Server, affecting various modules including mod_ldap, mod_proxy_ftp, and mod_proxy_html. These vulnerabilities could lead to denial of service attacks or arbitrary code execution. Specifically, CVE-2026-29167 allows attackers to crash the server via mod_ldap, while CVE-2026-29170 enables HTML injection via mod_proxy_ftp. Other vulnerabilities, such as CVE-2026-34355 and CVE-2026-34356, also pose significant risks by allowing denial of service through improper handling of content. The vulnerabilities impact Apache HTTP Server versions across multiple Ubuntu LTS releases. Users are advised to update their systems to mitigate these risks. The vulnerabilities were published on June 8, 2026, and patches are available.

Key Points: • Multiple critical vulnerabilities in Apache HTTP Server could lead to denial of service and code execution. • Affected modules include mod_ldap, mod_proxy_ftp, and mod_proxy_html, with several CVEs disclosed. • Users are urged to update their systems to the latest package versions to mitigate risks.

ThreatCluster AI

Timeline

2026-06-08
CVE-2026-29167 published
Apache HTTP Server's mod_ldap module vulnerability could lead to server crashes or arbitrary code execution.
Linuxsecurity
2026-06-08
CVE-2026-29170 published
Vulnerability in mod_proxy_ftp allows remote attackers to inject arbitrary HTML or web scripts.
Linuxsecurity
2026-06-08
CVE-2026-34355 published
Improper handling of content in mod_proxy_html could cause denial of service.
Linuxsecurity
2026-06-08
CVE-2026-44119 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-44185 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-44631 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-42535 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-48913 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-44186 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-08
CVE-2026-43951 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE

Community

Browse all →