CVSS 9.8 · CRITICAL

CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.


Analysis

A critical Use After Free vulnerability has been identified in Apache HTTP Server (mod_ldap) affecting versions 2.4.0 through 2.4.67. This vulnerability could lead to remote code execution or complete system compromise in environments using LDAP for per-directory authentication. Upgrading to version 2.4.68 is highly recommended.

Relevant roles

Backend, Linux, Docker, CyberSecurity, Cloud, Php

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-416

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 4.2%
EPSS: 2026-06-09

Affects

apache:http_server

Technical description

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Published: 6/8/2026, 4:16:37 PM
Last modified: 6/9/2026, 4:29:16 PM
