Question [CVE-2026-44631] Apache HTTP Server Buffer Underflow Code Execution Vulnerability

peteeeeeee

New Pleskian
Server operating system version
Red Hat Enterprise Linux 9.7
Plesk version and microupdate number
Plesk Obsidian 18.0.78 Update #3
May I know if Plesk has a plan to release a fix for this?
CVE report

Thanks for any advice.
 
Plesk relies on the OS vendor for Apache updates (the recommended version is now 2.4.68; Debian currently only has 2.4.67, and I'm not sure what RHEL has; you should find out what you have with httpd -v or dnf info httpd). Until the OS vendor releases the update, there are a few things you can do:
  1. Simplify your regex instead of using complex versions.
    • Or use non-regex alternative if possible.
  2. Restrict access to limit the exposure.
    • This includes utilizing WAFs (Web Application Firewalls) or reverse proxies like Cloudflare.
  3. Disable modules you don't need.
    • Not utilizing rewrite? Disable it then.
  4. Where possible, make sure AllowOverride is set to None to reduce .htaccess influences.
Personally I use Nginx for all my domains, so my Apache exposure is pretty non-existent. Plus I think Nginx is faster (at least in my use case).
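
An added example, not part of the reply above and not Plesk or Apache tooling: a Python check that inventories what the mitigation list asks you to review in an Apache config, namely regex-taking directives, loaded modules, and AllowOverride values other than None. The function name audit and the sample configuration are constructed for illustration.

```python
import re

# Directives whose argument is a regular expression (core, mod_alias,
# mod_rewrite, mod_proxy, mod_setenvif). Section containers ending in
# "Match" (<FilesMatch>, <DirectoryMatch>, ...) are caught separately.
REGEX_DIRECTIVES = {
    "rewriterule", "rewritecond", "aliasmatch", "scriptaliasmatch",
    "redirectmatch", "proxypassmatch", "setenvif", "setenvifnocase",
    "browsermatch", "browsermatchnocase",
}
SECTION_MATCH = re.compile(r"<\s*(\w+Match)\b", re.I)


def audit(config_text):
    """Return findings for the regex, module and AllowOverride checks."""
    report = {"regex": [], "allowoverride": [], "modules": []}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        section = SECTION_MATCH.match(line)
        if section:
            report["regex"].append((lineno, section.group(1)))
            continue
        parts = line.split()
        name = parts[0].lower()  # directive names are case-insensitive
        if name in REGEX_DIRECTIVES:
            report["regex"].append((lineno, parts[0]))
        elif name == "allowoverride":
            if [p.lower() for p in parts[1:]] != ["none"]:
                report["allowoverride"].append((lineno, " ".join(parts[1:])))
        elif name == "loadmodule" and len(parts) >= 2:
            report["modules"].append(parts[1])
    return report


# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule status_module modules/mod_status.so
<Directory "/var/www/vhosts">
    AllowOverride All
</Directory>
<Directory "/var/www/html">
    AllowOverride None
</Directory>
# RewriteRule ^old$ /new
<FilesMatch "\\.(php|phtml)$">
    Require all granted
</FilesMatch>
RewriteEngine On
RewriteRule ^/blog/(.*)$ /news/$1 [R=301,L]
"""

if __name__ == "__main__":
    for key, items in audit(SAMPLE).items():
        print(key, items)
```

The function reads one file's text at a time and does not follow Include directives or backslash line continuations, so run it over each config file and .htaccess separately.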
 