CVE Catalog

CVE-2026-29167

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

4th percentile — higher than 4% of all known CVEs

Summary

A Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration may lead to unauthorized memory access. This issue affects Apache HTTP Server versions from 2.4.0 through 2.4.67.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability to gain access to sensitive data or execute unauthorized code.

Recommendation

It is recommended to upgrade to version 2.4.68, which fixes the issue.

Original NVD description (English source)

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS