vulnerability context

CVE-2026-44119

CVSS 5.5 MEDIUMEPSS 6.7%CWE-269OTX 10 pulses

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Published 2026-06-08 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 5.5 / MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 6.7% percentile (score 0.0017)
CWE: CWE-269
OTX pulses: 10 total, 0 recent

View on NVD → · cve.org

source mentions 2

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modulesMSRC Update Guide · 13d ago
CVE-2026-44119: Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modulesoss-security · 16d ago

source consensus

MSRC Update Guide1×
oss-security1×

Want the 3-bullet summary of CVE-2026-44119, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →