Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_ajp

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_ajp

ECHO-9e39-7166-9c17

Summary

Apache's HTTP Server has a security issue that allows an attacker to inject malicious code into web pages. This can happen when a user visits a website that uses Apache's mod_proxy_ajp module to connect to another server. To fix this, update Apache's HTTP Server to the latest version as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
–	python-aiohttp	All versions	–

Original title

ECHO-9e39-7166-9c17

https://advisory.echohq.com/cve/CVE-2026-34520 URL

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026