Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

AI Analysis

Heap Underflow vulnerability in Apache HTTP Server via crafted regular expressions

Basic Information

ID CVE-2026-44631

Source apache

Published Jun 8, 2026 at 15:19

Modified Jun 8, 2026 at 19:43

Affected Product

Vendor Apache Software Foundation

Product Apache HTTP Server

Version 2.4.0

Affected Versions Apache Software Foundation Apache HTTP Server 2.4.0

CWE Classification

CWE-124

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Apache Software Foundation

Product Apache HTTP Server

Version 2.4.0-2.4.67

References

httpd.apache.org /security/vulnerabilities_24.html

{
    "lastseen": "",
    "description": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.",
    "published": "2026-06-08T15:19:23.570Z",
    "modified": "2026-06-08T19:43:13.169Z",
    "type": "cve",
    "title": "Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow",
    "source": "apache",
    "references": "https://httpd.apache.org/security/vulnerabilities_24.html",
    "id": "CVE-2026-44631",
    "bulletinFamily": "",
    "cwe": [
        "CWE-124"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HTTP Server 2.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HTTP Server",
    "version": "2.4.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Heap Underflow vulnerability in Apache HTTP Server via crafted regular expressions",
    "ai_severity": "Critical",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache HTTP Server",
    "ai_version": "2.4.0-2.4.67",
    "ai_score": 9.8
}

Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow_CVE-2026-44631