Finding #42 — CVE-2026-44119
| Inventory item | apache-test 2.4.37 (software, apache) |
|---|---|
| Title | CVE-2026-44119: Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt |
| Match | cpe / confidence high |
| Status | new |
| First seen | 2026-06-11T07:35:12Z |
| Last updated | 2026-06-11T07:35:12Z |
| CVE | CVE-2026-44119 |
| CVSS | 5.5 (MEDIUM)CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Description | Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. |
| Source advisory | CVE-2026-44119: Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. |
| References | https://httpd.apache.org/security/vulnerabilities_24.html http://www.openwall.com/lists/oss-security/2026/06/08/11 |