WebDAV Path Handling Vulnerability in Apache Web Server
CVE-2026-42535

9.1CRITICAL

Key Information:

Vendor

Apache

Vendor
CVE Published:
8 June 2026

What is CVE-2026-42535?

A path handling vulnerability exists in the mod_dav_fs module of Apache Web Server versions prior to 2.4.68. This flaw permits a WebDAV content author to directly manipulate trusted DAV property databases, which could lead to instability, including potential crashes of child processes. It is strongly advised that users upgrade to version 2.4.68 to mitigate these risks.

Affected Version(s)

Apache HTTP Server 0 <= 2.4.67

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zhenpeng (Leo) Lin at depthfirst
.