CVE-2026-23918
published 2026-05-04CVE-2026-23918: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | httpd | — | — |
| apache_software_foundation | apache_http_server | — | — |
| httpd_2.4 | httpd | — | — |
| httpd_2.4 | mod_http2 | — | — |
| ubuntu | apache2 | — | — |