CVE-2026-40435 — When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Sup — CVE Database · The Intelligence Room