VDB
ALPINE-CVE-2026-24072
ALPINE-CVE-2026-24072
PUBLISHED
CVSS 8.800000190734863 HIGH
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.21 | apache2 | 0, 0, 2.4.9-r1 |
| Alpine:v3.24 | apache2 | 0 |
| Alpine:v3.22 | apache2 | 2.4.6-r3, 0, 2.2.16-r0 |
| Alpine:v3.20 | apache2 | 2.4.23-r8, 2.4.23-r7, 2.4.23-r6 |
| Alpine:v3.23 | apache2 | 2.4.23-r5, 2.4.23-r6, 2.4.23-r7 |
Timeline
- May 4, 2026 CVE Published
- May 5, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated