CVE-2026-42535

CVE-2026-42535: Apache HTTP Server: mod_dav_fs protected directory access

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-668

Published June 8, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Key dates

Disclosure timeline

June 8, 2026 CVE published

June 9, 2026 Record updated