CVE-2026-24072

HIGH8.8EPSS 0.02%

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

發布日:2026/5/4修改日:2026/5/5

也稱為:ALPINE-CVE-2026-24072BIT-apache-2026-24072

描述

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

受影響套件(3)

Alpine/apache2from 0, < 2.4.67-r0
Bitnami/apachefrom 0, < 2.4.67
Debian/apache2from 0, < 2.4.67-1~deb11u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2026-24072
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-24072
WEBhttps://httpd.apache.org/security/vulnerabilities_24.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-24072
WEBhttp://www.openwall.com/lists/oss-security/2026/05/04/18