Apache HTTP Server: escalation of privilege through expressions in .htaccess...

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.

This issue affects Apache HTTP Server: from through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Basic Information

ID CVE-2026-44119

Source apache

Published Jun 8, 2026 at 15:17

Modified Jun 9, 2026 at 11:57

Affected Product

Vendor Apache Software Foundation

Product Apache HTTP Server

Version 2.4.0

Affected Versions Apache Software Foundation Apache HTTP Server 2.4.0

CWE Classification

CWE-269

References

httpd.apache.org /security/vulnerabilities_24.html

{
    "lastseen": "",
    "description": "Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nThis issue affects Apache HTTP Server: from through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.",
    "published": "2026-06-08T15:17:31.939Z",
    "modified": "2026-06-09T11:57:10.824Z",
    "type": "cve",
    "title": "Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules",
    "source": "apache",
    "references": "https://httpd.apache.org/security/vulnerabilities_24.html",
    "id": "CVE-2026-44119",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HTTP Server 2.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HTTP Server",
    "version": "2.4.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules_CVE-2026-44119