Apache HTTP Server 2.4.x — mod_proxy_ajp heap buffer overflow (RCE via AJP backend)
cve · CVE-2026-28780
Coverage timeline
1
first 2026-05-07 → last 2026-05-07
Briefs
1
1 distinct
Sources cited
4
4 hosts
Sections touched
1
updates
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-07CTI Daily Brief — 2026-05-07
Where this entity is cited
- updates1
Source distribution
- cert.ssi.gouv.fr1 (25%)
- httpd.apache.org1 (25%)
- securityweek.com1 (25%)
- thehackernews.com1 (25%)
External references
All cited sources (4)
- httpd.apache.orgprimaryinlineApache HTTP Server security pagehttps://httpd.apache.org/security/vulnerabilities_24.html
- cert.ssi.gouv.frinlineCERT-FR CERTFR-2026-AVI-0530, 2026-05-05https://www.cert.ssi.gouv.fr/
- securityweek.cominlineSecurityWeek, 2026-05-05https://www.securityweek.com/critical-high-severity-vulnerabilities-patched-in-apache-mina-http-server/
- thehackernews.cominlineThe Hacker News, 2026-05-05https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html
Items in briefs about Apache HTTP Server 2.4.x — mod_proxy_ajp heap buffer overflow (RCE via AJP backend)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.