oss-sec mailing list archives
CVE-2026-59173: Apache Traffic Server is vulnerable to stalled HTTP/2 flow-control
From: Masakazu Kitajo <maskit () apache org>
Date: Thu, 16 Jul 2026 23:46:34 -0600
Apache Traffic Server is vulnerable to stalled HTTP/2 flow-control. CVE: CVE-2026-59173 - DoS vulnerability in HTTP/2 via stalled flow-control conditions Severity: important Reported By: Okta Red Team Vendor: The Apache Software Foundation Version Affected: ATS 9.0.0 to 9.2.13 ATS 10.0.0 to 10.1.2 Mitigation: 9.x users should upgrade to 9.2.14 or later versions 10.x users should upgrade to 10.1.3 or later versions Reference: https://www.cve.org/CVERecord?id=CVE-2026-59173
Current thread:
- CVE-2026-59173: Apache Traffic Server is vulnerable to stalled HTTP/2 flow-control Masakazu Kitajo (Jul 16)
