Vulnerability intelligence
CVE-2026-23918
Official description is being retrieved from NVD — refresh shortly.
CVSS Score
8.8
High
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
3 articles across 3 outlets · first covered May 5, 2026 · latest May 6, 2026
Coverage timeline
-
Apache fixes HTTP/2 double‑free bug that could lead to RCEsecurityaffairs.com · May 6, 2026
-
Apache HTTP Server patches critical HTTP/2 flaw CVE-2026-23918thehackernews.com · May 5, 2026
-
Apache patches HTTP Server and MINA flaws, warns of RCE riskwww.securityweek.com · May 5, 2026