Multiple Vulnerabilities Disclosed in Apache HTTP Server and Apache Airflow Providers
German authorities published advisories for multiple vulnerabilities affecting both Apache HTTP Server and Apache Airflow components, expanding the list of enterprise Apache software requiring review. One notice, dCERT Advisory 2026-1331, covers several flaws in Apache HTTP Server, a widely deployed web server used in internet-facing and internal application environments.
A separate notice, dCERT Advisory 2026-1636, reports multiple vulnerabilities in Apache Airflow provider packages, specifically the Google and FAB providers. While the advisories provided no public synopsis in the referenced notices, the disclosures indicate that organizations using these Apache products should identify affected deployments, review vendor guidance, and prioritize patching or other mitigations for exposed systems and workflow orchestration environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes Apache Airflow provider multiple-vulnerability advisory
dCERT published Advisory 2026-1636 for multiple vulnerabilities affecting Apache Airflow Google and FAB providers. The reference does not include further details on impact, exploitation, or fixes.
dCERT publishes Apache HTTP Server multiple-vulnerability advisory
dCERT published Advisory 2026-1331 covering multiple vulnerabilities affecting Apache HTTP Server. No additional technical details or remediation information are provided in the reference content.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Apache Airflow Flaws Enable Security Bypass and Multiple Additional Vulnerabilities
German authorities issued advisories for **Apache Airflow** covering a vulnerability that can bypass security measures and a separate notice for **multiple vulnerabilities** affecting the workflow orchestration platform. The alerts indicate that Airflow deployments may be exposed to weaknesses that undermine intended protections and introduce additional security risk across affected environments. Organizations using Apache Airflow should review the referenced advisories, identify affected versions, and prioritize vendor-recommended updates or mitigations. Because Airflow is commonly used to manage automated data pipelines and scheduled jobs, successful exploitation could weaken access controls or expose connected systems and workflows to further compromise.
May 11, 2026
Multiple Vulnerabilities Disclosed in Apache Traffic Server and Apache Tomcat
German authorities published security advisories for **Apache Traffic Server** and **Apache Tomcat/Tomcat Native**, warning of multiple vulnerabilities affecting the widely used web proxy, caching, and Java application server products. The notices identify separate issues in the two Apache projects, indicating that organizations running these technologies should review vendor guidance and determine whether exposed internet-facing services or internal application platforms are affected. The advisories provide limited public detail, but the affected software is commonly deployed in enterprise web delivery and application environments, raising the risk of service disruption, unauthorized access, or further compromise if vulnerable instances remain unpatched. Security teams are expected to prioritize asset identification, apply available updates from the Apache projects and downstream vendors, and monitor systems using **Apache Traffic Server**, **Apache Tomcat**, and **Tomcat Native** for signs of exploitation or abnormal activity.
Apr 10, 2026
Multiple Critical Vulnerabilities in Popular Enterprise Software and Devices
Several critical vulnerabilities have been disclosed in widely used enterprise products, each posing significant security risks. A flaw in ASUSTOR devices (CVE-2025-13051) allows local attackers to escalate privileges to SYSTEM via DLL hijacking, potentially granting full control over affected systems. Separately, Apache Causeway is impacted by a remote code execution vulnerability (CVE-2025-64408) that enables authenticated attackers to execute arbitrary code through Java deserialization, threatening the integrity of applications built on this framework. Additionally, the D-Link DIR-878 router, now at end-of-life, contains three unpatched remote code execution flaws that allow unauthenticated attackers to run commands remotely, leaving users exposed with no forthcoming security updates. Apache Tomcat is also affected by a critical path traversal vulnerability (CVE-2025-55752), which can be exploited under certain rewrite configurations to access sensitive directories, especially when HTTP PUT is enabled. Organizations using these products should urgently assess their exposure and apply mitigations or seek alternatives where patches are unavailable.
Mar 21, 2026