Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Debian Linux: Unauthenticated Remote Code Execution via HTTP

DEBIAN-CVE-2026-48829

Summary

A security flaw in Debian Linux's httpd server allows hackers to run malicious code on a server without needing a password. This could lead to unauthorized access and data theft. Update to the latest version of the httpd server to fix this issue.

What to do

Update debian gsasl to version 2.2.0-1+deb12u1.
Update debian gsasl to version 2.2.2-1.1+deb13u1.
Update debian gsasl to version 2.2.3-1.

Affected software

Ecosystem	Vendor	Product	Affected versions
Debian:12	debian	gsasl	< 2.2.0-1+deb12u1 Fix: upgrade to 2.2.0-1+deb12u1
Debian:11	debian	gsasl	All versions
Debian:13	debian	gsasl	< 2.2.2-1.1+deb13u1 Fix: upgrade to 2.2.2-1.1+deb13u1
Debian:14	debian	gsasl	< 2.2.3-1 Fix: upgrade to 2.2.3-1

Original title

DEBIAN-CVE-2026-48829

osv CVSS3.1 7.5

https://security-tracker.debian.org/tracker/CVE-2026-48829 Vendor Advisory

Published: 24 May 2026 · Updated: 24 May 2026 · First seen: 24 May 2026