The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
httpd: modhttp2: Apache HTTP Server modhttp2: Use After Free vulnerability allows arbitrary code execution or denial of service. (CVE-2026-48913)
httpd: Apache HTTP Server: Out-of-bounds Read in modheaders and modmime (CVE-2026-43951)
Bug Fix(es) and Enhancement(s):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.