Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Apache HTTP Server Trust Manager Vulnerability: Mismatched Hostname
CLEANSTART-2026-ZV38826
Summary
Apache HTTP Server's trust-manager package has a security flaw that can allow attackers to intercept sensitive information, such as passwords and data, by exploiting a mismatch between the server's hostname and the one expected by the trust manager. This can happen when the hostname of the server is changed without updating the trust manager's settings. To protect your server, update the trust manager settings to match the new hostname or reconfigure the server to use a trusted hostname.
What to do
- Update trust-manager to version 0.20.2-r1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | trust-manager | <= 0.20.2-r1 | 0.20.2-r1 |
Original title
Within HostnameError
Original description
Security vulnerability affects the trust-manager package. Within HostnameError.
osv CVSS3.1
9.8
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026