Vulnerability CVE-2026-34059: Information

Description

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34059
Published: May 4, 2026
Modified: May 4, 2026
Error type identifier: CWE-126

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.67-alt12.4.67-alt1ALT-PU-2026-7150-4417200Fixed
apache2sisyphus_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7624-1-Fixed
apache2sisyphus_riscv642.4.67-alt12.4.67-alt1ALT-PU-2026-7538-1-Fixed
apache2sisyphus_loongarch642.4.67-alt12.4.67-alt1ALT-PU-2026-7484-1-Fixed
apache2p112.4.67-alt12.4.67-alt1ALT-PU-2026-7156-4417202Fixed
apache2p102.4.67-alt12.4.67-alt1ALT-PU-2026-7231-3417203Fixed
apache2p10_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7870-1-Fixed
apache2c10f22.4.67-alt12.4.67-alt1ALT-PU-2026-7158-4417204Fixed
apache2c9f22.4.67-alt12.4.67-alt1ALT-PU-2026-7193-4417205Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/04/17
  • Mailing List
  • Third Party Advisory
BDU:2026-06408
      1. cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        End excluding
        2.4.67
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top