{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-49975", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-06-02T17:20:37.983Z", "datePublished": "2026-06-08T15:26:04.674Z", "dateUpdated": "2026-07-15T00:47:26.100Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.67", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.