Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-9054: Apache HTTP Server TCP Packet Length Overflow

CVE-2026-9054

Summary

Apache HTTP Server may crash if it receives certain types of network packets. This can cause the server to become unresponsive, leading to downtime and potential data loss. To protect against this, ensure that your Apache HTTP Server is updated with the latest security patches.

Original title

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.

Original description

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.

nvd CVSS4.0 9.2

https://git.9front.org/plan9front/9front/70c97c334171c715df82774d1a47638abaca2db...
https://git.9front.org/plan9front/9front/7838d68969549f938cc8e80c0c2b4218cb12805...
https://git.9front.org/plan9front/9front/f86917b75e9562f90545b7e484dbdcd74823695...

Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 22 May 2026