CVE-2026-40435
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
A vulnerability in the httpd server causes IP-based access restrictions to not cover all endpoints when configured. This may allow connections from addresses that should be blocked.
Risk Assessment
The risk is that an organization may unknowingly allow access to sensitive resources from unauthorized IP addresses, potentially leading to network security breaches.
Recommendation
It is recommended to immediately update the httpd server to the latest version containing the fix. Also review the IP access rule configuration to ensure it covers all endpoints.
Original NVD description (English source)
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

