CVE-2026-44119

CVE-2026-44119: Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-269

Published June 8, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Key dates

Disclosure timeline

June 8, 2026 CVE published

June 9, 2026 Record updated