CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE
ID: 21a2a5b8-4512-5f63-a83e-0afd4e931795
STIX ID: report--21a2a5b8-4512-5f63-a83e-0afd4e931795
Feed Name: SOCRadar Blog
Threat Score
CVE-2026-23918 is a high-severity double-free vulnerability in Apache HTTP Server's HTTP/2 code (confirmed in 2.4.66, CVSS 8.8) that can lead to DoS or possible remote code execution; administrators should upgrade to Apache httpd 2.4.67 or disable HTTP/2 and monitor for httpd child crashes and unusual HTTP/2 behavior.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.