CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 8.8

References

https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/05/04/19

Products affected by CVE-2026-23918

Apache » Http Server » Version: 2.4.66

cpe:2.3:a:apache:http_server:2.4.66

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23918

Products

Pricing

Contact Us