CVE-2026-49975

HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Published: 6/8/2026Modified: 6/10/2026

Related Intelligence (2)

CRITICALZero Day

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provide

CVE-2026-33825CVE-2026-45585
Rapid7
CRITICALDdos

HTTP/2’s speed abused to slow webserver performance in DoS attack

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis. A flaw in the handling of the HTTP/2 protocol made a denial-of-service (DoS) attack possible on web servers including nginx, Apache HTTP server, Microsoft IIS, Envoy, and Cloudflare’s

CVE-2026-49975
CSO Online

References (4)

https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisoryhttp://www.openwall.com/lists/oss-security/2026/06/03/3Mailing ListThird Party Advisoryhttp://www.openwall.com/lists/oss-security/2026/06/08/16Mailing ListThird Party Advisoryhttps://lists.debian.org/debian-lts-announce/2026/06/msg00009.htmlMailing ListThird Party Advisory