Vulnerabilities4 min read
Apache HTTP/2 Double-Free Enables DoS and RCE
CVE-2026-23918 in Apache HTTP Server 2.4.66 lets attackers crash workers trivially or achieve remote code execution through a double-free in mod_http2. Upgrade to 2.4.67 immediately.
Marcus ChenMay 23, 2026