VDB

ALPINE-CVE-2026-24072

ALPINE-CVE-2026-24072 PUBLISHED CVSS 8.800000190734863 HIGH

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.21apache20, 0, 2.4.9-r1
Alpine:v3.24apache20
Alpine:v3.22apache22.4.6-r3, 0, 2.2.16-r0
Alpine:v3.20apache22.4.23-r8, 2.4.23-r7, 2.4.23-r6
Alpine:v3.23apache22.4.23-r5, 2.4.23-r6, 2.4.23-r7

Timeline

  • May 4, 2026 CVE Published
  • May 5, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›