VDB
CVE-2026-43951
CVE-2026-43951
PUBLISHED
CVSS 6.5 MEDIUM
Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache HTTP Server | |
| Bitnami | apache | 2.4.0 |
Timeline
- Jun 8, 2026 CVE Published
- Jun 8, 2026 CVE Updated
- Jun 9, 2026 Coalition ESS Score
- Jun 10, 2026 Security Advisory