Apache CVE-2026-49975
Original Question or Issue:
Is FileCloud vulnerable to the "http/2 bomb" vulnerability (CVE-2026-49975) due to the stack using Apache.
Environment:
- Product - FileCloud Server
- Version - 23.261
- Platform - Any
Steps to Reproduce:
1. Review FileCloud server environment.
2. Check whether Apache HTTP/2 functionality is enabled.
3. Assess potential exposure to CVE-2026-49975.
Error or Log Message:
No specific error message was reported. This was a vulnerability exposure inquiry.
Defect or Enhancement Number:
Cause:
The CVE is related to HTTP/2 handling in affected web servers and would depend on Apache HTTP/2 / mod_http2 being enabled.
Resolution or Workaround:
FileCloud’s default Apache configuration does not appear to enable HTTP/2 by default. If HTTP/2 / mod_http2 has not been manually enabled, the server would not be expected to be exposed to this specific CVE through Apache.
Notes:
- This was a product security clarification rather than a break-fix issue.