A vulnerability identified as problematic has been detected in Apache HTTP Server up to 2.4.67 . Affected is the function merge_response_headers . The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-43951 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.