CVE-2026-34355 is a vulnerability in Apache HTTP Server
Published on June 8, 2026

Apache HTTP Server: mod_proxy_html buffer overflow
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Vendor Advisory NVD

Timeline

2026-03-21

Report received

2026-06-04

fixed in 2.4.x by r1934977 75 days later.

2026-06-08

2.4.68 released 4 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-34355

Want to know whenever a new CVE is published for Apache HTTP Server? stack.watch will email you.

Apache HTTP Server

Affected Versions

Apache Software Foundation Apache HTTP Server: