Apache HTTP Server 2.4.67 fixes multiple vulnerabilities, but new issues continue to appear

Post by NetGuru

Apache HTTP Server 2.4.67 fixes several security issues in Apache 2.4.66 and earlier. The most serious issue is CVE-2026-23918, an HTTP/2 double-free vulnerability with possible remote code execution.


Apache has released Apache HTTP Server 2.4.67 as an important security update. The update fixes multiple vulnerabilities affecting Apache 2.4.66 and earlier versions.

The most critical issue in this update is CVE-2026-23918. It affects Apache’s HTTP/2 handling and is described as a double-free vulnerability with possible remote code execution. This is especially important for public HTTPS servers where HTTP/2 is enabled.

Other vulnerabilities affect modules such as mod_proxy_ajp, mod_auth_digest, mod_authn_socache, mod_dav_lock, mod_md and mod_rewrite. Depending on the server configuration, the impact may include denial of service, authentication bypass, privilege issues, memory disclosure or crashes.

Affected software:
  • Apache HTTP Server 2.4.66 and earlier
Fixed version:
  • Apache
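A triage check for the advisory summarized in the post above, as an added example that is not part of the original post or Apache's own tooling: it parses `httpd -v` and `httpd -M` output, compares the version with the fixed 2.4.67, and reports which of the modules named in the post are loaded. The sample output is constructed, and the `httpd -M` identifiers (including `http2_module` for the HTTP/2 handling) are assumptions mapped from the module names in the post.

```python
import re

FIXED = (2, 4, 67)  # fixed release named in the post

# `httpd -M` identifiers assumed for the modules the post names;
# http2_module (mod_http2) is assumed to be the HTTP/2 handling it refers to.
NAMED_MODULES = {
    "http2_module", "proxy_ajp_module", "auth_digest_module",
    "authn_socache_module", "dav_lock_module", "md_module", "rewrite_module",
}

def parse_version(banner):
    """Return (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def loaded_named_modules(listing):
    """Return the post's modules that appear in `httpd -M` output, in order."""
    found = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\w+_module)\s+\((static|shared)\)", line)
        if m and m.group(1) in NAMED_MODULES:
            found.append(m.group(1))
    return found

def triage(banner, listing):
    """Summarise exposure; needs_update is None when the banner is unparseable."""
    version = parse_version(banner)
    modules = loaded_named_modules(listing)
    return {
        "version": version,
        "needs_update": None if version is None else version < FIXED,
        "http2_loaded": "http2_module" in modules,
        "modules": modules,
    }

# Constructed sample output, not captured from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.66 (Unix)\nServer built:   Jan  1 2026 00:00:00\n"
SAMPLE_MODULES = (
    "Loaded Modules:\n core_module (static)\n http2_module (shared)\n"
    " rewrite_module (shared)\n ssl_module (shared)\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_MODULES))
```

Distribution packages may backport fixes without changing the upstream version string, so a `needs_update` result on a vendor build should be confirmed against that vendor's advisory.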