CVE-2026-28780 in HTTP Serverinformação

Sumário

de MITRE • 06/05/2026

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.

This issue affects Apache HTTP Server: through 2.4.66.

Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgação

06/05/2026

Moderação

aceite

Entrada

VDB-361235

CPE

pronto

CWE

CWE-120 (confirmado)

CVSS

7.3 (VulDB)

EPSS

0.00024

KEV

não

Atividades

muito baixo

Sector

Hostingprovider, Pharma, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28780
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28780
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28780/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!