CVE-2026-44119
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
5.5
MEDIUM
CVSS 3.1
Description
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
How to fix CVE-2026-44119
To remediate CVE-2026-44119, upgrade the affected package to a fixed version below.
- Bitnami/apache—upgrade to 2.4.68 or later
- —no fix listed
Is CVE-2026-44119 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-44119.
Affected packages (2)
- >= 2.4.0, < 2.4.68
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| nvd | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |