CVE 9.1 CRITICAL

Apache HTTP Server: mod_dav_fs protected directory access_CVE-2026-42535

June 9, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.

Users are recommended to upgrade to version 2.4.68, which fixes this issue.

AI Analysis

Path handling issue allowing WebDAV content authors to manipulate trusted DAV property databases

Basic Information

ID CVE-2026-42535

Source apache

Published Jun 8, 2026 at 15:14

Modified Jun 9, 2026 at 12:13

Affected Product

Vendor Apache Software Foundation

Product Apache HTTP Server

Version 2.4.67 and earlier

Affected Versions Apache Software Foundation Apache HTTP Server 0

CWE Classification

CWE-668

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Apache Foundation

Product Apache HTTP Server

Version 2.4.67 and earlier

References

httpd.apache.org /security/vulnerabilities_24.html

{
    "lastseen": "",
    "description": "A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier\u00a0allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes this issue.",
    "published": "2026-06-08T15:14:49.189Z",
    "modified": "2026-06-09T12:13:11.748Z",
    "type": "cve",
    "title": "Apache HTTP Server: mod_dav_fs protected directory access",
    "source": "apache",
    "references": "https://httpd.apache.org/security/vulnerabilities_24.html",
    "id": "CVE-2026-42535",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HTTP Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HTTP Server",
    "version": "2.4.67 and earlier",
    "vendor": "Apache Software Foundation",
    "ai_description": "Path handling issue allowing WebDAV content authors to manipulate trusted DAV property databases",
    "ai_severity": "Critical",
    "ai_vendor": "Apache Foundation",
    "ai_product": "Apache HTTP Server",
    "ai_version": "2.4.67 and earlier",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply