CVE-2026-28780: Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Veroeffentlicht: 2026-05-04 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 9.8 Quelle-ID: apache_httpd_sec uid_hash: 54e428bcff1002bc575eb856431bfa739c98f00ac4144bbd03fc06ac35e0cb89
Apache HTTP Server Security (httpd.org JSON)

### Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2026-28780

 CRITICAL 9.8 - - 2026-05-05

### Quellen-Details

ID Name Kategorie Tags Zielgruppe Sprache Feed-URL
apache_httpd_sec

Apache HTTP Server Security (httpd.org JSON)

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste