Several vulnerabilities in #Apache HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:

- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset

- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack

https://httpd.apache.org/security/vulnerabilities_24.html

#CVE_2026_23918 #CVE_2026_24072 #CVE_2026_33006 #infosec #cybersecurity