“Critical Apache HTTP/2 flaw (CVE-2026-23918) enables DoS and potential RCE The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to …”
T1190 Exploit Public-Facing Application (59%)
“a fixed address for the lifetime of the server, even with ASLR, which is what makes the RCE path practical. The usual caveats apply: practical exploitation requires an info leak for system() and the scoreboard offsets, and the heap spray is probabilistic, but in lab conditions…”
T1190 Exploit Public-Facing Application (42%)
“Details of the vulnerability are below - CVE-2026-23918 is a double-free in Apache httpd 2.4.66 mod_http2, specifically in the stream cleanup path of h2_mplx.c. The bug triggers when a client sends an HTTP/2 HEADERS frame immediately followed by RST_STREAM with a…”
Summary
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).
The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of "double free and possible RCE" in the HTTP/2 protocol handling. This issue