Security Alert (A26-06-16): Multiple Vulnerabilities in Apache HTTP Server

Description:

The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules. A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.

Affected Systems:

• Apache HTTP Server versions prior to 2.4.68

For detailed information of the affected systems, please refer to the corresponding security advisory at software provider's website.

Impact:

Successful exploitation of the vulnerabilities could lead remote code execution, denial of service, information disclosure or security restriction bypass on an affected system.

Recommendation:

The Apache Software Foundation has released new version of the system to address the issues and they can be downloaded at the following URL:
https://httpd.apache.org/download.cgi

More Information:

• https://httpd.apache.org/download.cgi#apache24
• https://httpd.apache.org/security/vulnerabilities_24.html#2.4.68
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29167
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29170
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34355 (to CVE-2026-34356)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42535 (to CVE-2026-42536)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43951
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44185 (to CVE-2026-44186)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44631
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49975