Severity: moderate Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.67 Description: Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. Credit: Lucian Nitescu (finder) as3617 (@real_as3617) at ENKI Whitehat (finder) Zhang San (finder) Martin PetrĂ¡k (finder) joaovicdev (finder) Rooting | Lucas Torres (finder) R4mbb of KRsecurity (finder) gggggggga@Xiaomi ShadowBlade Security Lab (finder) NikKrian of H3C Security Center(h3c.com) (finder) lokerxx (finder) References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-44119 Timeline: 2026-05-05: reported 2026-06-05: fixed in 2.4.x by r1935017 2026-06-08: 2.4.68 released
