Privilege Escalation Vulnerability in Apache HTTP Server by The Apache Software Foundation
CVE-2026-24072

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-24072?

A vulnerability exists in Apache HTTP Server versions prior to 2.4.67 that allows local .htaccess authors to inadvertently read files with the privileges of the httpd user. This flaw could be exploited to gain unauthorized access to sensitive information, posing a significant security risk. Users are urged to upgrade to version 2.4.67 to mitigate this vulnerability.

Affected Version(s)

Apache HTTP Server 0 <= 2.4.66

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

y7syeu

CVE-2026-24072 Data

JSON