{"id":"BIT-apache-2026-24072","summary":"Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr","details":"An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.","aliases":["CVE-2026-24072"],"modified":"2026-05-05T09:30:23.146625Z","published":"2026-05-05T08:38:59.092Z","database_specific":{"severity":"High","cpes":["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/04/18"},{"type":"WEB","url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24072"}],"affected":[{"package":{"name":"apache","ecosystem":"Bitnami","purl":"pkg:bitnami/apache"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.4.67"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2026-24072.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.5"}