CVE-2026-24072HIGH 8.8EPSS p46.5%

CVE-2026-24072CVE-2026-24072

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.65% probability of exploitation · percentile 46.5% · 2026-06-19T12:03:05Z
Published2026-05-04
Last modified2026-05-04

Underlying weaknesses· 1

CWE-269

References

  1. https://httpd.apache.org/security/vulnerabilities_24.html
  2. http://www.openwall.com/lists/oss-security/2026/05/04/18

1

TypeTargetConfidenceTier
WeaknessImproper Privilege Managementcwe-2690%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-44119
CVE
CVE-2026-34355
CVE
CVE-2026-44631
CVE
CVE-2026-42536
CVE
CVE-2026-34356
CVE
CVE-2026-42535
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.