CVE-2026-42535

Published: Jun 8, 2026Modified: Jun 9, 2026

Description

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

http://www.openwall.com/lists/oss-security/2026/06/08/8

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.