CVE-2026-24072
- Source
- https://cve.org/CVERecord?id=CVE-2026-24072
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24072.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-24072
- Aliases
- Downstream
- Related
- Published
- 2026-05-04T12:37:57.673Z
- Modified
- 2026-06-24T09:14:08.582283409Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
- Details
-
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
- Database specific
{ "cwe_ids": [ "CWE-269" ], "cna_assigner": "apache", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24072.json", "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "2.4.66" } ], "source": "AFFECTED_FIELD" } ] }- References
Affected packages
Git / github.com/apache/httpd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/httpd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "2.4.67" } ], "source": "CPE_FIELD", "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }