Skip to content

Apache HTTP Server 2.4.x — mod_proxy_ajp heap buffer overflow (RCE via AJP backend)

cve · CVE-2026-28780

First covered

2026-05-07

Last covered

2026-05-07

Appearances

1

All cited sources for this topic (2)

Story timeline

2026-05-07CTI Daily Brief — 2026-05-07
updatesFirst coverage (UPDATE to 2026-05-06 Apache item). mod_proxy_ajp heap buffer overflow via crafted AJP messages; fixed in Apache 2.4.67. Not retrieved in prior run.