CVE-2026-43951

Public on 2026-06-08
Modified on 2026-06-12
Description
Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core httpd 2026-06-22 ALAS2-2026-3379 Fixed
Amazon Linux 2023 httpd 2026-06-22 ALAS2023-2026-1880 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-43951 Mitre: CVE-2026-43951