Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Apache HTTP Server Cross-Site Scripting (XSS) in Error Pages
BELL-CVE-2026-43493
Summary
Apache HTTP Server versions 2.4.52 and earlier contain a vulnerability that allows attackers to inject malicious code into error pages, potentially allowing them to steal sensitive information or take control of users' browsers. This affects servers hosting public-facing websites. To mitigate the risk, update to the latest version of Apache HTTP Server.
What to do
- Update bellsoft linux-lts to version 6.12.87-r0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Alpaquita:23 | bellsoft | linux-lts | >= 6.1.170-r0 |
| Alpaquita:25 | bellsoft | linux-lts |
>= 6.12.85-r0, < 6.12.87-r0 Fix: upgrade to 6.12.87-r0
|
| Alpaquita:stream | bellsoft | linux-lts |
>= 6.12.85-r0, < 6.12.87-r0 Fix: upgrade to 6.12.87-r0
|
Original title
BELL-CVE-2026-43493
- https://docs.bell-sw.com/security/cves/CVE-2026-43493 Vendor Advisory
Published: 20 May 2026 · Updated: 22 May 2026 · First seen: 20 May 2026