A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution
ID: e114c2c5-16ec-5738-8f6c-ec9a42343f66
STIX ID: report--e114c2c5-16ec-5738-8f6c-ec9a42343f66
Feed Name: CISecurity.org Advisories
Threat Score
A double-free vulnerability (CVE-2026-23918) in Apache httpd 2.4.66's mod_http2 can be induced by a crafted HTTP/2 sequence to cause worker crashes (denial of service) and, on systems using APR with mmap—commonly found on Debian and some official Docker images—may be leveraged for remote code execution.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.