Apache HTTP Server Unauthenticated Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Unauthenticated Remote Code Execution

ECHO-f8cb-56ce-2d8e

Summary

Apache HTTP Server's mod_proxy module has a vulnerability that allows an attacker to execute code on a remote server without needing a password. This could allow an attacker to take control of the server and steal sensitive information. If you're using Apache HTTP Server, update to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
–	python-aiohttp	All versions	–

Original title

ECHO-f8cb-56ce-2d8e

https://advisory.echohq.com/cve/CVE-2026-34525 URL

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026