Apache Traffic Server: A simple legitimate POST request causes a crash

Description

A vulnerability classified as problematic has been found in Apache Traffic Server up to 9.2.12/10.1.1. Affected by this issue is some unknown functionality of the component POST Request Handler. Performing a manipulation results in incorrect control flow.

Affected Products

Vendor	Product	Versions
Apache Software Foundation	Apache Traffic Server	10.0.0, 9.0.0

References

https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q(vendor-advisory)

Related News (2 articles)

Tier C

VulDB2h ago

CVE-2025-58136 | Apache Traffic Server up to 9.2.12/10.1.1 POST Request control flow

→ No new info (linked only)

Tier C

oss-security3h ago

[ANNOUNCE] ATS is vulnerable to HTTP requests with body

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q

CWECWE-670

PublishedApr 2, 2026

Last enriched1h agov3

Trending Score38

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 1h ago

v3Tier C1h ago

Updated description with new technical details, changed severity to HIGH, and noted that no exploit exists.

descriptionseverity

via VulDB

v2Tier C3h ago

Updated product to ATS, added new CVE-IDs, and changed severity to HIGH.

affectedVersionscweIds

via oss-security

v13h ago

Initial creation

Apache Traffic Server: A simple legitimate POST request causes a crash

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History