Apache HTTP Server 2.4.66 — HTTP/2 double-free RCE (CVSS 8.8)
cve · CVE-2026-23918
Coverage timeline
1
first 2026-05-06 → last 2026-05-06
Briefs
1
1 distinct
Sources cited
4
4 hosts
Sections touched
1
active_vulns
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-06CTI Daily Brief — 2026-05-06
Where this entity is cited
- active_vulns1
Source distribution
- cert.ssi.gouv.fr1 (25%)
- httpd.apache.org1 (25%)
- securityweek.com1 (25%)
- thehackernews.com1 (25%)
External references
All cited sources (4)
- thehackernews.comprimaryinlineTHNhttps://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html
- cert.ssi.gouv.frinlineCERT-FR CERTFR-2026-AVI-0530https://www.cert.ssi.gouv.fr/
- httpd.apache.orginlineApache HTTP Server security pagehttps://httpd.apache.org/security/vulnerabilities_24.html
- securityweek.cominlineSecurityWeek, 2026-05-05https://www.securityweek.com/critical-high-severity-vulnerabilities-patched-in-apache-mina-http-server/
Items in briefs about Apache HTTP Server 2.4.66 — HTTP/2 double-free RCE (CVSS 8.8)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.