What happened: A double-free flaw in Apache HTTP Server’s HTTP/2 handling can crash servers or allow remote code execution without authentication. Why it matters: With Apache powering about a quarter ...

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability report with the National Vulnerability Database disclosing a critical flaw ...

The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system. The first Apache ...

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. Apache HTTP Server ...

Users of the open source Apache HTTP Server who have updated to recently released version 2.4.49 are being urged to update to 2.4.50 immediately to apply fixes for a newly disclosed zero-day that is ...

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Don’t duck at the latest mention of Apache: ...