8.8
CVE-2026-23918
- EPSS 49.73%
- Veröffentlicht 04.05.2026 14:44:28
- Zuletzt bearbeitet 30.06.2026 03:17:35
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HTTP Server: http2: double free and possible RCE on early reset
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version2.4.66
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 49.73% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-1341 Multiple Releases of Same Resource or Handle
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
CWE-415 Double Free
The product calls free() twice on the same memory address.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/05/04/19
https://access.redhat.com/errata/RHSA-2026:13938
https://access.redhat.com/security/cve/CVE-2026-23918
https://bugzilla.redhat.com/show_bug.cgi?id=2465304
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23918.json