Vulnerability CVE-2026-29168: Information

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity: HIGH (7.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-29168
Published: May 5, 2026
Modified: May 6, 2026
Error type identifier: CWE-770

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.67-alt12.4.67-alt1ALT-PU-2026-7150-4417200Fixed
apache2sisyphus_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7624-1-Fixed
apache2sisyphus_riscv642.4.67-alt12.4.67-alt1ALT-PU-2026-7538-1-Fixed
apache2sisyphus_loongarch642.4.67-alt12.4.67-alt1ALT-PU-2026-7484-1-Fixed
apache2p112.4.67-alt12.4.67-alt1ALT-PU-2026-7156-4417202Fixed
apache2p102.4.67-alt12.4.67-alt1ALT-PU-2026-7231-3417203Fixed
apache2p10_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7870-1-Fixed
apache2c10f22.4.67-alt12.4.67-alt1ALT-PU-2026-7158-4417204Fixed
apache2c9f22.4.67-alt12.4.67-alt1ALT-PU-2026-7193-4417205Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Release Notes
  • Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/05/6
  • Mailing List
  • Third Party Advisory
BDU:2026-06409
      1. cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        Start including
        2.4.30
        End excluding
        2.4.67
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top