Severity: moderate 

Affected versions:

- Apache HTTP Server 2.4.17 through 2.4.67

Description:

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP 
Server's mod_http leads to denial of service via malicious HTTP requests.

This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

Credit:

Quang Luong of Calif.IO in collaboration with OpenAI Codex (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-49975

Timeline:

2026-05-26: reported
2026-05-27: fixed upstream in mod_h2 
https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c
2026-06-02: fixed in 2.4.x by r1934882
2026-06-08: 2.4.68 released
