Primary

Context

Apache HTTP Server Privilege Escalation Vulnerability in mod_rewrite

Vulnerability

Patched

A privilege escalation vulnerability has been identified in Apache HTTP Server in versions through 2.4.66. This issue allows local .htaccess authors to read files with the privileges of the httpd user. The vulnerability arises from improper handling of directives in the mod_rewrite module, which can be exploited to access restricted files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files with the privileges of the httpd user, potentially allowing for sensitive information disclosure or further privilege escalation.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.

Added: May 4, 2026, 1:18 PM

Updated: May 4, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

4.0

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

4.0

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache HTTP Server Privilege Escalation Vulnerability in mod_rewrite

Vulnerability

Impact

Remediation

Affected Products

Apache HTTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating