Vulnerability CVE-2026-23918: Information

Description

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-23918
Published: May 4, 2026
Modified: May 4, 2026
Error type identifier: CWE-415

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.67-alt12.4.67-alt1ALT-PU-2026-7150-4417200Fixed
apache2sisyphus_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7624-1-Fixed
apache2sisyphus_riscv642.4.67-alt12.4.67-alt1ALT-PU-2026-7538-1-Fixed
apache2sisyphus_loongarch642.4.67-alt12.4.67-alt1ALT-PU-2026-7484-1-Fixed
apache2p112.4.67-alt12.4.67-alt1ALT-PU-2026-7156-4417202Fixed
apache2p102.4.67-alt12.4.67-alt1ALT-PU-2026-7231-3417203Fixed
apache2p10_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7870-1-Fixed
apache2c10f22.4.67-alt12.4.67-alt1ALT-PU-2026-7158-4417204Fixed
apache2c9f22.4.67-alt12.4.67-alt1ALT-PU-2026-7193-4417205Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/04/19
  • Mailing List
  • Third Party Advisory
BDU:2026-06305
      1. cpe:2.3:a:apache:http_server:2.4.66:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top