CVE-2026-44119

Published: Jun 8, 2026Modified: Jun 11, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Affected (1)

Products: Apache: Http Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.4.0 to 2.4.68

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2026/06/08/11

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.