Apache HTTP Server Allows Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Allows Remote Code Execution

ECHO-0638-253e-d3ec

Summary

Apache HTTP Server versions 2.4.32 to 2.4.38 and 2.2.31 to 2.2.34 are affected. If exploited, an attacker could run malicious code on your server, potentially leading to data theft or site takeover. Update your server software to the latest version to protect your site and data.

What to do

Update underscore to version 1.13.4~dfsg+~1.11.4-3+e1.

Affected software

Vendor	Product	Affected versions	Fix available
–	underscore	All versions	–
–	underscore	<= 1.13.4~dfsg+~1.11.4-3+e1	1.13.4~dfsg+~1.11.4-3+e1

Original title

ECHO-0638-253e-d3ec

https://advisory.echohq.com/cve/CVE-2026-27601 URL

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026