CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.3%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2026-42536

Apache » Http Server » Version: 2.4.0

cpe:2.3:a:apache:http_server:2.4.0
Apache » Http Server » Version: 2.4.1

cpe:2.3:a:apache:http_server:2.4.1
Apache » Http Server » Version: 2.4.10

cpe:2.3:a:apache:http_server:2.4.10
Apache » Http Server » Version: 2.4.11

cpe:2.3:a:apache:http_server:2.4.11
Apache » Http Server » Version: 2.4.12

cpe:2.3:a:apache:http_server:2.4.12
Apache » Http Server » Version: 2.4.13

cpe:2.3:a:apache:http_server:2.4.13
Apache » Http Server » Version: 2.4.14

cpe:2.3:a:apache:http_server:2.4.14
Apache » Http Server » Version: 2.4.15

cpe:2.3:a:apache:http_server:2.4.15
Apache » Http Server » Version: 2.4.16

cpe:2.3:a:apache:http_server:2.4.16
Apache » Http Server » Version: 2.4.17

cpe:2.3:a:apache:http_server:2.4.17
Apache » Http Server » Version: 2.4.18

cpe:2.3:a:apache:http_server:2.4.18
Apache » Http Server » Version: 2.4.19

cpe:2.3:a:apache:http_server:2.4.19
Apache » Http Server » Version: 2.4.2

cpe:2.3:a:apache:http_server:2.4.2
Apache » Http Server » Version: 2.4.20

cpe:2.3:a:apache:http_server:2.4.20
Apache » Http Server » Version: 2.4.21

cpe:2.3:a:apache:http_server:2.4.21
Apache » Http Server » Version: 2.4.22

cpe:2.3:a:apache:http_server:2.4.22
Apache » Http Server » Version: 2.4.23

cpe:2.3:a:apache:http_server:2.4.23
Apache » Http Server » Version: 2.4.24

cpe:2.3:a:apache:http_server:2.4.24
Apache » Http Server » Version: 2.4.25

cpe:2.3:a:apache:http_server:2.4.25
Apache » Http Server » Version: 2.4.26

cpe:2.3:a:apache:http_server:2.4.26
Apache » Http Server » Version: 2.4.27

cpe:2.3:a:apache:http_server:2.4.27
Apache » Http Server » Version: 2.4.28

cpe:2.3:a:apache:http_server:2.4.28
Apache » Http Server » Version: 2.4.29

cpe:2.3:a:apache:http_server:2.4.29
Apache » Http Server » Version: 2.4.3

cpe:2.3:a:apache:http_server:2.4.3
Apache » Http Server » Version: 2.4.30

cpe:2.3:a:apache:http_server:2.4.30
Apache » Http Server » Version: 2.4.31

cpe:2.3:a:apache:http_server:2.4.31
Apache » Http Server » Version: 2.4.32

cpe:2.3:a:apache:http_server:2.4.32
Apache » Http Server » Version: 2.4.33

cpe:2.3:a:apache:http_server:2.4.33
Apache » Http Server » Version: 2.4.34

cpe:2.3:a:apache:http_server:2.4.34
Apache » Http Server » Version: 2.4.35

cpe:2.3:a:apache:http_server:2.4.35
Apache » Http Server » Version: 2.4.36

cpe:2.3:a:apache:http_server:2.4.36
Apache » Http Server » Version: 2.4.37

cpe:2.3:a:apache:http_server:2.4.37
Apache » Http Server » Version: 2.4.38

cpe:2.3:a:apache:http_server:2.4.38
Apache » Http Server » Version: 2.4.39

cpe:2.3:a:apache:http_server:2.4.39
Apache » Http Server » Version: 2.4.4

cpe:2.3:a:apache:http_server:2.4.4
Apache » Http Server » Version: 2.4.40

cpe:2.3:a:apache:http_server:2.4.40
Apache » Http Server » Version: 2.4.41

cpe:2.3:a:apache:http_server:2.4.41
Apache » Http Server » Version: 2.4.42

cpe:2.3:a:apache:http_server:2.4.42
Apache » Http Server » Version: 2.4.43

cpe:2.3:a:apache:http_server:2.4.43
Apache » Http Server » Version: 2.4.44

cpe:2.3:a:apache:http_server:2.4.44
Apache » Http Server » Version: 2.4.45

cpe:2.3:a:apache:http_server:2.4.45
Apache » Http Server » Version: 2.4.46

cpe:2.3:a:apache:http_server:2.4.46
Apache » Http Server » Version: 2.4.47

cpe:2.3:a:apache:http_server:2.4.47
Apache » Http Server » Version: 2.4.48

cpe:2.3:a:apache:http_server:2.4.48
Apache » Http Server » Version: 2.4.49

cpe:2.3:a:apache:http_server:2.4.49
Apache » Http Server » Version: 2.4.5

cpe:2.3:a:apache:http_server:2.4.5
Apache » Http Server » Version: 2.4.50

cpe:2.3:a:apache:http_server:2.4.50
Apache » Http Server » Version: 2.4.51

cpe:2.3:a:apache:http_server:2.4.51
Apache » Http Server » Version: 2.4.52

cpe:2.3:a:apache:http_server:2.4.52
Apache » Http Server » Version: 2.4.53

cpe:2.3:a:apache:http_server:2.4.53
Apache » Http Server » Version: 2.4.54

cpe:2.3:a:apache:http_server:2.4.54
Apache » Http Server » Version: 2.4.55

cpe:2.3:a:apache:http_server:2.4.55
Apache » Http Server » Version: 2.4.56

cpe:2.3:a:apache:http_server:2.4.56
Apache » Http Server » Version: 2.4.57

cpe:2.3:a:apache:http_server:2.4.57
Apache » Http Server » Version: 2.4.58

cpe:2.3:a:apache:http_server:2.4.58
Apache » Http Server » Version: 2.4.59

cpe:2.3:a:apache:http_server:2.4.59
Apache » Http Server » Version: 2.4.6

cpe:2.3:a:apache:http_server:2.4.6
Apache » Http Server » Version: 2.4.60

cpe:2.3:a:apache:http_server:2.4.60
Apache » Http Server » Version: 2.4.61

cpe:2.3:a:apache:http_server:2.4.61
Apache » Http Server » Version: 2.4.62

cpe:2.3:a:apache:http_server:2.4.62
Apache » Http Server » Version: 2.4.63

cpe:2.3:a:apache:http_server:2.4.63
Apache » Http Server » Version: 2.4.64

cpe:2.3:a:apache:http_server:2.4.64
Apache » Http Server » Version: 2.4.65

cpe:2.3:a:apache:http_server:2.4.65
Apache » Http Server » Version: 2.4.66

cpe:2.3:a:apache:http_server:2.4.66
Apache » Http Server » Version: 2.4.67

cpe:2.3:a:apache:http_server:2.4.67
Apache » Http Server » Version: 2.4.7

cpe:2.3:a:apache:http_server:2.4.7
Apache » Http Server » Version: 2.4.8

cpe:2.3:a:apache:http_server:2.4.8
Apache » Http Server » Version: 2.4.9

cpe:2.3:a:apache:http_server:2.4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42536

Products

Pricing

Contact Us