CVE-2026-29168 PUBLISHED

Apache HTTP Server: mod_md unrestricted OCSP response

Assigner: apache
Reserved: 04.03.2026 Published: 05.05.2026 Updated: 05.05.2026

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data.

This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66.

Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache HTTP Server
Versions Default: unaffected
  • affected from 2.4.30 to 2.4.66 (incl.)

Credits

  • Pavel Kohout, Aisle Research, Aisle.com finder

References

Problem Types

  • CWE-770: Allocation of Resources Without Limits or Throttling CWE