Apache · Apache Http Server · CVE-2026-34356
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions 2.4.0 through 2.4.67
**Description**
A heap-based buffer overflow occurs when interacting with malicious backend servers using `ProxyPassReverseCookie*`. A heap-based buffer overflow is a memory corruption issue where data exceeds the allocated boundary of a buffer on the heap, potentially leading to crashes or arbitrary code execution.
**Recommendations**
Upgrade to version 2.4.68.