Privilege Escalation Vulnerability in Apache HTTP Server by The Apache Software Foundation
CVE-2026-24072

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 4 May 2026

Badges

📰 News Worthy

What is CVE-2026-24072?

A vulnerability exists in Apache HTTP Server versions prior to 2.4.67 that allows local .htaccess authors to inadvertently read files with the privileges of the httpd user. This flaw could be exploited to gain unauthorized access to sensitive information, posing a significant security risk. Users are urged to upgrade to version 2.4.67 to mitigate this vulnerability.

Affected Version(s)

Apache HTTP Server 0 <= 2.4.66

News Articles

Cybersecuritynews

CVE-2026-23918 CVE-2026-24072

Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks

The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026.

3 weeks ago

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Cybersecuritynews
May 5, 2026
Vulnerability published
May 4, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

y7syeu

CVE-2026-24072 Data

JSON