UBUNTU-CVE-2026-24072
- Source
- https://ubuntu.com/security/CVE-2026-24072
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-24072.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-24072
- Upstream
- Downstream
- Related
- Published
- 2026-05-05T00:00:00Z
- Modified
- 2026-06-08T14:15:10.017183272Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
- References
Affected packages
Ubuntu:22.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.52-1ubuntu4.20
Affected versions
2.*
2.4.48-3.1ubuntu3
2.4.48-3.1ubuntu4
2.4.51-2ubuntu1
2.4.52-1ubuntu1
2.4.52-1ubuntu2
2.4.52-1ubuntu4
2.4.52-1ubuntu4.1
2.4.52-1ubuntu4.2
2.4.52-1ubuntu4.3
2.4.52-1ubuntu4.4
2.4.52-1ubuntu4.5
2.4.52-1ubuntu4.6
2.4.52-1ubuntu4.7
2.4.52-1ubuntu4.8
2.4.52-1ubuntu4.9
2.4.52-1ubuntu4.10
2.4.52-1ubuntu4.11
2.4.52-1ubuntu4.12
2.4.52-1ubuntu4.13
2.4.52-1ubuntu4.14
2.4.52-1ubuntu4.15
2.4.52-1ubuntu4.16
2.4.52-1ubuntu4.18
2.4.52-1ubuntu4.19
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.52-1ubuntu4.20"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.52-1ubuntu4.20"
}
]
}Ubuntu:24.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.58-1ubuntu8.12
Affected versions
2.*
2.4.57-2ubuntu2
2.4.57-2ubuntu3
2.4.58-1ubuntu1
2.4.58-1ubuntu2
2.4.58-1ubuntu6
2.4.58-1ubuntu7
2.4.58-1ubuntu8
2.4.58-1ubuntu8.1
2.4.58-1ubuntu8.2
2.4.58-1ubuntu8.3
2.4.58-1ubuntu8.4
2.4.58-1ubuntu8.5
2.4.58-1ubuntu8.6
2.4.58-1ubuntu8.7
2.4.58-1ubuntu8.8
2.4.58-1ubuntu8.10
2.4.58-1ubuntu8.11
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.58-1ubuntu8.12"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.58-1ubuntu8.12"
}
]
}Ubuntu:25.10
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.64-1ubuntu3.4
Affected versions
2.*
2.4.63-1ubuntu1
2.4.63-1ubuntu3
2.4.64-1ubuntu2
2.4.64-1ubuntu3
2.4.64-1ubuntu3.2
2.4.64-1ubuntu3.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.64-1ubuntu3.4"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.64-1ubuntu3.4"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.64-1ubuntu3.4"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.64-1ubuntu3.4"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.64-1ubuntu3.4"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.64-1ubuntu3.4"
}
]
}Ubuntu:26.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.66-2ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.66-2ubuntu2.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.66-2ubuntu2.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.66-2ubuntu2.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.66-2ubuntu2.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.66-2ubuntu2.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.66-2ubuntu2.1"
}
]
}Ubuntu:Pro:14.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9
2.4.7-1ubuntu4.22+esm10
2.4.7-1ubuntu4.22+esm12
2.4.7-1ubuntu4.22+esm13
Ecosystem specific
{
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.22+esm13"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.22+esm13"
}
]
}Ubuntu:Pro:16.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra-legacy%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
2.4.18-2ubuntu3.17+esm6
2.4.18-2ubuntu3.17+esm7
2.4.18-2ubuntu3.17+esm8
2.4.18-2ubuntu3.17+esm9
2.4.18-2ubuntu3.17+esm10
2.4.18-2ubuntu3.17+esm11
2.4.18-2ubuntu3.17+esm12
2.4.18-2ubuntu3.17+esm13
2.4.18-2ubuntu3.17+esm14
2.4.18-2ubuntu3.17+esm16
2.4.18-2ubuntu3.17+esm17
2.4.18-2ubuntu3.17+esm18
Ecosystem specific
{
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.17+esm18"
}
]
}Ubuntu:Pro:18.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
2.4.29-1ubuntu4.24
2.4.29-1ubuntu4.25
2.4.29-1ubuntu4.26
2.4.29-1ubuntu4.27
2.4.29-1ubuntu4.27+esm1
2.4.29-1ubuntu4.27+esm2
2.4.29-1ubuntu4.27+esm3
2.4.29-1ubuntu4.27+esm4
2.4.29-1ubuntu4.27+esm6
2.4.29-1ubuntu4.27+esm7
2.4.29-1ubuntu4.27+esm8
2.4.29-1ubuntu4.27+esm9
Ecosystem specific
{
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.27+esm9"
}
]
}Ubuntu:Pro:20.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
2.4.41-4ubuntu3.12
2.4.41-4ubuntu3.13
2.4.41-4ubuntu3.14
2.4.41-4ubuntu3.15
2.4.41-4ubuntu3.16
2.4.41-4ubuntu3.17
2.4.41-4ubuntu3.19
2.4.41-4ubuntu3.20
2.4.41-4ubuntu3.21
2.4.41-4ubuntu3.23
2.4.41-4ubuntu3.23+esm2
2.4.41-4ubuntu3.23+esm3
2.4.41-4ubuntu3.23+esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "libapache2-mod-md",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
},
{
"binary_name": "libapache2-mod-proxy-uwsgi",
"binary_version": "2.4.41-4ubuntu3.23+esm4"
}
]
}