CVE-2025-58136

High CVSS: 7.5

A bug in POST request handling causes a crash under a certain condition.

This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12.

Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue.

A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).

Vendor

Apache

Product

Traffic Server

CWE

CWE-670

Yayın Tarihi

2026-04-02 17:16:20

Güncelleme

2026-04-06 16:06:11

Source Identifier

security@apache.org

KEV Date Added

Kategoriler

CWE-670 Traffic Server HIGH Apache 2026

Referanslar

https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q

Benzer Kayıtlar

High

CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Se…

Medium

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate…

Low

CVE-2026-32642

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application us…

Medium

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filterin…

Medium

CVE-2026-28563

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filt…

High

CVE-2026-28779

Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configu…