Jump to the main content block

【Vulnerability Alert】Apache HTTP Server Has High-Risk Security Vulnerabilities (CVE-2026-23918, CVE-2026-29167, and CVE-2026-44631). Please Confirm and Apply Patches as Soon as Possible.

publish date : 2026-07-03 update date : 2026-07-03

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026062903064848 Publication Time 2026-06-29 15:24:49
Incident Type ANA-Vulnerability Alert Discovery Time 2026-06-29 15:24:49
Impact Level Middle  
[Subject]
【Vulnerability Alert】Apache HTTP Server Has High-Risk Security Vulnerabilities (CVE-2026-23918, CVE-2026-29167, and CVE-2026-44631). Please Confirm and Apply Patches as Soon as Possible.
[Content]

Forwarded from the National Institute of Cyber Security Security Advisory NISAC-200-202606-00000013

Researchers have discovered that Apache HTTP Server has three high-risk security vulnerabilities (CVE-2026-23918, CVE-2026-29167, and CVE-2026-44631). The types include Double Free, Use After Free, and Buffer Overflow vulnerabilities. The most severe vulnerability may allow an authenticated remote attacker to execute arbitrary code. Please confirm and apply patches as soon as possible.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

Apache HTTP Server 2.4.66

Apache HTTP Server versions 2.4.0 to 2.4.67

[Recommended Actions]

The official source has released fix updates for the vulnerabilities. Please refer to the official instructions to perform the update. The URL is as follows:

https://httpd.apache.org/security/vulnerabilities_24.html

[Reference]

1. https://httpd.apache.org/security/vulnerabilities_24.html
2. https://nvd.nist.gov/vuln/detail/CVE-2026-23918
3. https://nvd.nist.gov/vuln/detail/CVE-2026-29167
4. https://nvd.nist.gov/vuln/detail/CVE-2026-44631

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num: