CVE-2026-34059 PUBLISHED

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Assigner: apache
Reserved: 25.03.2026 Published: 04.05.2026 Updated: 04.05.2026

Buffer Over-read vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: through 2.4.66.

Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache HTTP Server
Versions Default: unaffected
  • affected from 0 to 2.4.66 (incl.)

Credits

  • Elhanan Haenel finder

References

Problem Types

  • CWE-126 Buffer Over-read CWE