CVE-2026-29170

CVE-2026-29170

A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recomm…

Vulnerability class: XSS (Cross-Site Scripting)

Weakness classification (CWE)

References