{"api_version":"1","generated_at":"2026-05-13T06:36:42+00:00","cve":"CVE-2026-24072","urls":{"html":"https://cve.report/CVE-2026-24072","api":"https://cve.report/api/cve/CVE-2026-24072.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-24072","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-24072"},"summary":{"title":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr","description":"An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.","state":"PUBLISHED","assigner":"apache","published_at":"2026-05-04 13:16:00","updated_at":"2026-05-04 20:27:50"},"problem_types":["CWE-269","CWE-269 CWE-269 Improper Privilege Management"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","name":"https://httpd.apache.org/security/vulnerabilities_24.html","refsource":"security@apache.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/18","name":"http://www.openwall.com/lists/oss-security/2026/05/04/18","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24072","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24072","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache HTTP Server","version":"affected 2.4.66 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-20T08:40:00.000Z","lang":"en","value":"Report received"},{"source":"CNA","time":"2026-05-04T12:00:00.000Z","lang":"en","value":"fixed in 2.4.x by r1933350"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"y7syeu","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"24072","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"http_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"24072","cve":"CVE-2026-24072","epss":"0.000650000","percentile":"0.198520000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:09"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-05-04T17:32:36.948Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/05/04/18"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-24072","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-04T13:05:30.315916Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-04T18:23:43.614Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache HTTP Server","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"2.4.66","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"y7syeu"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.<br><br>Users are recommended to upgrade to version 2.4.67, which fixes this issue."}],"value":"An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue."}],"metrics":[{"other":{"content":{"text":"moderate"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-04T12:37:57.673Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["vendor-advisory"],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"}],"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2026-01-20T08:40:00.000Z","value":"Report received"},{"lang":"en","time":"2026-05-04T12:00:00.000Z","value":"fixed in 2.4.x by r1933350"}],"title":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2026-24072","datePublished":"2026-05-04T12:37:57.673Z","dateReserved":"2026-01-21T12:37:38.184Z","dateUpdated":"2026-05-04T18:23:43.614Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-04 13:16:00","lastModifiedDate":"2026-05-04 20:27:50","problem_types":["CWE-269","CWE-269 CWE-269 Improper Privilege Management"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.67","matchCriteriaId":"8FF781BA-CF81-400B-A155-4DAE0BD856EE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"24072","Ordinal":"1","Title":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_e","CVE":"CVE-2026-24072","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"24072","Ordinal":"1","NoteData":"An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.","Type":"Description","Title":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_e"}]}}}