Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Apache HTTP Server: Remote Code Execution via Malicious HTTP Request
BELL-CVE-2026-43249
Summary
Apache HTTP Server versions 2.4.52 and earlier may allow an attacker to execute arbitrary code on the server if they can send a specially crafted HTTP request. This could potentially allow the attacker to take control of the server. Apache has released a patch to fix this issue, so it's essential to update your server to the latest version to stay secure.
What to do
- Update bellsoft linux-lts to version 6.12.80-r0.
- Update bellsoft linux-lts to version 6.12.76-r0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Alpaquita:25 | bellsoft | linux-lts |
>= 6.12.74-r0, < 6.12.80-r0 Fix: upgrade to 6.12.80-r0
|
| Alpaquita:stream | bellsoft | linux-lts |
>= 6.12.74-r0, < 6.12.76-r0 Fix: upgrade to 6.12.76-r0
|
Original title
BELL-CVE-2026-43249
osv CVSS3.1
8.8
- https://docs.bell-sw.com/security/cves/CVE-2026-43249 Vendor Advisory
Published: 9 May 2026 · Updated: 10 May 2026 · First seen: 10 May 2026