Apache HTTP Server HTTP/2 Double Free and Possible Remote Code Execution Vulnerability

Vulnerability

A double free vulnerability with the potential for remote code execution has been identified in Apache HTTP Server 2.4.66, specifically within the HTTP/2 protocol handling. This vulnerability arises from improper memory management, which could be exploited under certain conditions.

Impact

Triggering this vulnerability produces a double free condition, which may in turn allow arbitrary code to be executed remotely, depending on the server's configuration and the nature of the injected payload.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.
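
A host can be triaged against this advisory from the output of `httpd -v` and `httpd -M`. The script below is an added example, not code from the Apache project or from this advisory; the verdict labels, the `HTTPD_BIN` variable and the sample output are constructed for illustration, and treating a loaded `http2_module` as the exposure signal is an assumption based on the advisory placing the flaw in HTTP/2 handling.

```sh
#!/bin/sh
# Added example: triage one host against this advisory.
# Versions are the advisory's: 2.4.66 affected, 2.4.67 fixed.
AFFECTED="2.4.66"
FIXED="2.4.67"

# Pull "2.4.66" out of `httpd -v` text ("Server version: Apache/2.4.66 (Unix)").
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeeds when version $1 >= version $2 (numeric compare per dotted field).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t . -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Succeeds when `httpd -M` text lists mod_http2 (" http2_module (shared)").
http2_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*http2_module'
}

# $1 = `httpd -v` output, $2 = `httpd -M` output. Prints one verdict.
classify() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo "unknown"
    elif version_ge "$ver" "$FIXED"; then echo "fixed"
    elif [ "$ver" != "$AFFECTED" ]; then echo "not-listed"  # advisory names only 2.4.66
    elif http2_loaded "$2"; then echo "affected-http2-loaded"
    else echo "affected-http2-not-loaded"  # still upgrade; module may be enabled later
    fi
}

# Constructed sample output (not captured from a real host).
SAMPLE_V='Server version: Apache/2.4.66 (Unix)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'
echo "sample: $(classify "$SAMPLE_V" "$SAMPLE_M")"

# Live check, only if the binary is on PATH (name varies: httpd, apache2).
BIN=${HTTPD_BIN:-httpd}
if command -v "$BIN" >/dev/null 2>&1; then
    echo "local: $(classify "$("$BIN" -v 2>/dev/null)" "$("$BIN" -M 2>/dev/null)")"
fi
```

Distribution packages can backport fixes without changing the reported version, so confirm a flagged host against the vendor's package changelog before treating the verdict as final.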

Added: May 4, 2026, 3:23 PM
Updated: May 4, 2026, 3:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 7.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.