CVE-2026-44186

Published: Jun 8, 2026Modified: Jun 11, 2026

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Affected (1)

Products: Apache: Http Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.4.0 to 2.4.68

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (2)

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2026/06/08/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.