Vulnerabilities3 min read
Apache HTTP/2 Double-Free Bug Enables DoS and RCE on Default Installs
CVE-2026-23918 in Apache 2.4.66 lets attackers crash servers or achieve code execution with just two HTTP/2 frames. Upgrade to 2.4.67 immediately.
Marcus ChenMay 6, 2026