Apache

vulnerabilities 2026-05-05
Apache httpd CVE-2026-23918: HTTP/2 Double-Free Puts Millions of Servers at RCE Risk
Critical double-free in mod_http2's early-reset path lets remote attackers crash or take over Apache 2.4.66. Patch shipped May 4 in 2.4.67.
apache httpd http2 cve-2026-23918 rce memory-corruption infrastructure

Apache httpd CVE-2026-23918: HTTP/2 Double-Free Puts Millions of Servers at RCE Risk