Apache HTTP Server Fails to Validate Hostnames

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Fails to Validate Hostnames

UBUNTU-CVE-2026-3184

Summary

Apache HTTP Server's hostname validation is flawed, allowing attackers to trick the server into accessing unauthorized resources. This can lead to sensitive data exposure and unauthorized actions. To address this, update to the latest version of the Apache HTTP Server.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
canonical	util-linux	All versions	–

Original title

[Access control bypass due to improper hostname canonicalization]

Original description

[Access control bypass due to improper hostname canonicalization]

https://ubuntu.com/security/CVE-2026-3184 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-3184 Third Party Advisory

Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026