CVE-2026-49975 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

apache2

bookworm	vulnerable
bookworm (security)	2.4.67-1~deb12u3 fixed
bullseye	vulnerable
bullseye (security)	2.4.67-1~deb11u2 fixed
forky	vulnerable
sid	2.4.67-2 fixed
trixie	vulnerable
trixie (security)	2.4.67-1~deb13u3 fixed

Common Weakness Enumeration

CWE-789 - Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Vulnerability Media Exposure

[ENGLISH] OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
Codex drops an HTTP/2 Bomb
Published: 2026-06-04T21:08:00+02:00
[GERMAN] HTTP/2-Implementierungen: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiedenen HTTP/2-Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2026-06-04T22:00:00+00:00
[GERMAN] Apache HTTP Server: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu verändern und offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere nicht näher definierte Angriffe durchzuführen.
Published: 2026-06-08T22:00:00+00:00

References

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.openwall.com/lists/oss-security/2026/06/03/3

http://www.openwall.com/lists/oss-security/2026/06/08/16

https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html