CVE-2026-49975

Apache HTTP Server: mod_http2 denial of service

CVSS 7.5 HIGHEPSS 10.4%CWE-789

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Apache Software Foundation · Apache HTTP Server

PoCs públicas encontradas — 11

githubgithub.com/mrx-arafat/CVE-2026-49975-POC★ 23 cve_referencegithub.com/EQSTLab/CVE-2026-49975★ 10 githubgithub.com/fevar54/Proof-of-Concept-POC---CVE-2026-49975-HTTP-2-Bomb-★ 6 githubgithub.com/LSG-PolarBear/CVE-2026-49975★ 4 githubgithub.com/obrige/http2-bomb★ 4 githubgithub.com/renzi25031469/CVE-2026-49975-HTTP-2-Bomb★ 1 githubgithub.com/LiaoZiqi-GZFLS/CVE-2026-49975★ 1 githubgithub.com/minc-nice-100/http2-bomb-analysis-paper★ 1 githubgithub.com/adminlove520/http2-bomb-detector★ 1 githubgithub.com/razureink/cve-2026-49975-http2bomb_reproduction★ 0 githubgithub.com/0xc03307b/CVE-2026-49975★ 0

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/EQSTLab/CVE-2026-49975 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html http://www.openwall.com/lists/oss-security/2026/06/03/3 http://www.openwall.com/lists/oss-security/2026/06/08/16