Security Affairs
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
ATT&CK techniques detected
T1190Exploit Public-Facing Application
34%
“double - free flaw in apache httpd 2. 4. 66 ’ s mod _ http2, triggered by a crafted http / 2 sequence that causes the same stream to be cleaned up twice, leading to memory corruption. this can easily result in denial of service, crashing worker processes with minimal effort. in c…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling […]