CVE-2026-24072

HIGH CVSS 8.8 View on NVD ↗

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

apache/http_server

References

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/05/04/18

Published: May 04, 2026 13:16 UTC Modified: May 04, 2026 20:27 UTC