
CVE-2026-49975

HIGH 7.5 PoC AVAILABLE

Published 2026-06-08 · Last modified 2026-06-30

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

LIKELY TARGET

11.5% modeled chance of exploitation in the next 30 days (95th percentile) · public exploit code available. Prioritize remediation.

Exploitation likelihood

11.5% chance of exploitation in 30 days · 95th percentile

○ In CISA KEV ● Public exploit / PoC

Impact if exploited

7.5 · CVSS 3.1 · HIGH

  • Confidentiality: None
  • Integrity: None
  • Availability: High

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: No account or privileges required
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable


Proof of concept & exploit code

Listed for defensive triage and patch prioritization.

Affected

Vendors

  • Apache Software Foundation
  • Red Hat

Products

  • Apache Http Server
  • Red Hat Jboss Core Services On Rhel 7 Server
  • Red Hat Jboss Core Services On Rhel 8
  • Red Hat Enterprise Linux Appstream (V. 10)
  • Red Hat Enterprise Linux Appstream (V. 8)
  • Red Hat Enterprise Linux Appstream (V. 9)
  • Red Hat Hardened Images
  • Red Hat Jboss Core Services 2.4.62.Sp4

Weakness (CWE)

  • CWE-789
  • CWE-409

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Sources: NVD · CVE.org · EPSS