CVE-2026-29168 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Affected Products (NVD)

Vendor	Product	Version
apache	http_server	2.4.30 ≤ 𝑥 < 2.4.67

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

apache2

bionic	not-affected
focal	not-affected
jammy	Fixed 2.4.52-1ubuntu4.20 released
noble	Fixed 2.4.58-1ubuntu8.12 released
questing	Fixed 2.4.64-1ubuntu3.4 released
resolute	Fixed 2.4.66-2ubuntu2.1 released
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

apache2

suse enterprise desktop 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

apache2-devel

suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

apache2-manual

suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

apache2-prefork

suse enterprise desktop 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

apache2-utils

suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

apache2-worker

suse enterprise sap 15 SP7	2.4.66-150700.4.20.1 fixed
suse enterprise server 15 SP6	2.4.66-150600.5.52.1 fixed
suse enterprise server 15 SP7	2.4.66-150700.4.20.1 fixed

Amazon Linux Releases

Amazon Package

Release

httpd

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-core

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

httpd-core-debuginfo

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

httpd-debuginfo

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-debugsource

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

httpd-devel

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-filesystem

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-manual

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-tools

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

httpd-tools-debuginfo

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

mod_ldap

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

mod_ldap-debuginfo

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

mod_lua

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

mod_lua-debuginfo

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

mod_md

Amazon Linux 2

0:2.4.67-1.amzn2.0.1

fixed

mod_proxy_html

Amazon Linux 2	1:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	1:2.4.67-1.amzn2023.0.1 fixed

mod_proxy_html-debuginfo

Amazon Linux 2023

1:2.4.67-1.amzn2023.0.1

fixed

mod_session

Amazon Linux 2	0:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	0:2.4.67-1.amzn2023.0.1 fixed

mod_session-debuginfo

Amazon Linux 2023

0:2.4.67-1.amzn2023.0.1

fixed

mod_ssl

Amazon Linux 2	1:2.4.67-1.amzn2.0.1 fixed
Amazon Linux 2023	1:2.4.67-1.amzn2023.0.1 fixed

mod_ssl-debuginfo

Amazon Linux 2023

1:2.4.67-1.amzn2023.0.1

fixed

Azure Linux Releases

Azure Package

Release

httpd

Azure Linux 3.0

0:2.4.67-1.azl3

fixed

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Vulnerability Media Exposure

[GERMAN] Apache HTTP Server: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um erweiterte Privilegien zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-04T22:00:00+00:00

References

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.openwall.com/lists/oss-security/2026/05/05/6