Primary

Context

Apache HTTP Server mod_authn_socache NULL Pointer Dereference Vulnerability Allowing Denial-of-Service

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in the mod_authn_socache module of Apache HTTP Server. This issue affects versions 2.4.66 and earlier. The vulnerability allows an unauthenticated remote user to crash a child process, specifically in a caching forward proxy configuration.

Impact

Exploitation of this vulnerability leads to a crash of the Apache HTTP Server child process, causing a denial-of-service condition.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.

Added: May 4, 2026, 3:20 PM

Updated: May 4, 2026, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.6

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.6

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache HTTP Server mod_authn_socache NULL Pointer Dereference Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Apache HTTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating