CVE Catalog

CVE-2026-42535

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

5th percentile — higher than 5% of all known CVEs

Summary

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.

Risk Assessment

Organizations may experience process crashes, which can affect the availability of WebDAV-based services.

Recommendation

Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Original NVD description (English source)

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS