Description

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

PUBLISHED Reserved 2026-05-05 | Published 2026-06-08 | Updated 2026-06-09 | Assigner apache

Problem types

CWE-269 Improper Privilege Management

Product status

Default status: unaffected

2.4.0 (semver): affected

Timeline

2026-05-05: reported
2026-06-05: fixed in 2.4.x by r1935017
2026-06-08: 2.4.68 released

Credits

Lucian Nitescu finder

as3617 (@real_as3617) at ENKI Whitehat finder

Zhang San finder

Martin Petrák finder

joaovicdev finder

Rooting | Lucas Torres finder

R4mbb of KRsecurity finder

gggggggga@Xiaomi ShadowBlade Security Lab finder

NikKrian of H3C Security Center(h3c.com) finder

lokerxx finder

References

www.openwall.com/lists/oss-security/2026/06/08/11

httpd.apache.org/security/vulnerabilities_24.html vendor-advisory

cve.org (CVE-2026-44119)

nvd.nist.gov (CVE-2026-44119)
