diff --git a/pkgs/development/libraries/libmicrohttpd/generic.nix b/pkgs/development/libraries/libmicrohttpd/generic.nix
index 0af066c7123..d5bc619e904 100644
--- a/pkgs/development/libraries/libmicrohttpd/generic.nix
+++ b/pkgs/development/libraries/libmicrohttpd/generic.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, libgcrypt, curl, gnutls, pkg-config, libiconv, libintl, version, src, meta ? {} }:
+{ lib, stdenv, libgcrypt, curl, gnutls, pkg-config, libiconv, libintl, version, src, meta ? {}, fetchpatch }:
 
 let
   meta_ = meta;
@@ -8,6 +8,17 @@ stdenv.mkDerivation rec {
   pname = "libmicrohttpd";
   inherit version src;
 
+  patches = lib.optionals (lib.versionOlder version "0.9.76") [
+    (fetchpatch {
+      name = "CVE-2023-27371.patch";
+      url = "https://git.gnunet.org/libmicrohttpd.git/patch/?id=e0754d1638c602382384f1eface30854b1defeec";
+      hash = "sha256-vzrq9HPysGpc13rFEk6zLPgpUqp/ST4q/Wp30Dam97k=";
+      excludes = [
+        "ChangeLog"
+      ];
+    })
+  ];
+
   outputs = [ "out" "dev" "devdoc" "info" ];
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ libgcrypt curl gnutls libiconv libintl ];