9.1

CVE-2026-42535

Apache HTTP Server: mod_dav_fs protected directory access

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.

Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version < 2.4.68
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.41
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/06/08/8
Third Party Advisory
Mailing List