cybercrime.clubhttps://cybercrime.club/tags/http2/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usTue, 05 May 2026 23:10:07 -0400Apache httpd CVE-2026-23918: HTTP/2 Double-Free Puts Millions of Servers at RCE Riskhttps://cybercrime.club/posts/apache-httpd-cve-2026-23918-http2-double-free-rce/Tue, 05 May 2026 23:10:07 -0400https://cybercrime.club/posts/apache-httpd-cve-2026-23918-http2-double-free-rce/Critical double-free in mod_http2's early-reset path lets remote attackers crash or take over Apache 2.4.66. Patch shipped May 4 in 2.4.67.vulnerabilities