CVE-2026-44631
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
CVE-2026-44631 describes a buffer underwrite vulnerability in Apache HTTP Server caused by crafted regular expressions in the configuration. It affects versions from 2.4.0 to 2.4.67.
Risk Assessment
Organizations using vulnerable versions of Apache HTTP Server may be exposed to attacks that could lead to unauthorized access or system instability.
Recommendation
It is recommended to upgrade to version 2.4.68, which fixes the issue.
Original NVD description (English source)
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

