{“lastseen”:””,”description”:”An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\\n\\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.”,”published”:”2026-05-04T12:37:57.673Z”,”modified”:”2026-05-04T18:23:43.614Z”,”type”:”cve”,”title”:”Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr”,”source”:”apache”,”references”:”https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html”,”id”:”CVE-2026-24072″,”bulletinFamily”:””,”cwe”:[“CWE-269″],”cvelist”:null,”sourceData”:”Apache Software Foundation Apache HTTP Server 0″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Apache HTTP Server”,”version”:”2.4.66 and earlier”,”vendor”:”Apache Software Foundation”,”ai_description”:”Escalation of privilege bug in Apache HTTP Server via mod_rewrite elevation of privileges”,”ai_severity”:”High”,”ai_vendor”:”Apache Foundation”,”ai_product”:”Apache HTTP Server”,”ai_version”:”2.4.66 and earlier”,”ai_score”:8.8}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-51336","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n