Issued at: 2026-07-07
Updated at: 2026-07-07
Synopsis
Moderate: mod_http2 security, bug fix, and enhancement update
Description
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
* httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service. (CVE-2026-48913)
* httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime (CVE-2026-43951)
Bug Fix(es) and Enhancement(s):
* address CVE-2026-43951 and CVE-2026-48913 in mod_http2 (JIRA:Rocky Linux-188008)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.