High severity7.3NVD Advisory· Published May 5, 2026· Updated May 6, 2026
CVE-2026-29168
CVE-2026-29168
Description
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data.
This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.openwall.com/lists/oss-security/2026/05/05/6nvdMailing ListThird Party Advisory
- httpd.apache.org/security/vulnerabilities_24.htmlnvdRelease NotesVendor Advisory
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026