Skip to main content

Apache HTTP Server CVE-2026-29167

| EUVDEUVD-2026-35086 CRITICAL
Use After Free (CWE-416)
2026-06-08 apache GHSA-85f4-9pxx-739j
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
5.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 09, 2026 - 16:30 vuln.today
CVSS changed
Jun 09, 2026 - 14:22 NVD
9.8 (CRITICAL)
CVE Published
Jun 08, 2026 - 15:07 nvd
CRITICAL 9.8
CVE Published
Jun 08, 2026 - 15:07 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

AnalysisAI

Remote code execution in Apache HTTP Server versions 2.4.0 through 2.4.67 is possible through a use-after-free condition in mod_ldap when LDAP authentication or authorization is configured in a per-directory context. The CVSS 9.8 rating reflects unauthenticated network exploitation with high impact across confidentiality, integrity, and availability, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.02%. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify httpd target with LDAP-protected path
Delivery
Send crafted request to per-directory LDAP scope
Exploit
Trigger use-after-free in mod_ldap
Install
Groom heap via repeated requests
C2
Corrupt freed LDAP structure
Execute
Hijack control flow in worker process
Impact
Execute code as httpd user

Vulnerability AssessmentAI

Exploitation Target Apache HTTP Server 2.4.0-2.4.67 must have mod_ldap loaded AND at least one LDAP-related directive (e.g., AuthLDAPURL, Require ldap-user/ldap-group, AuthLDAPBindDN) declared within a per-directory configuration context - <Directory>, <Location>, <Files>, or an .htaccess file - rather than at the main server or virtual-host scope. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals here are unusually mixed and warrant caution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a sequence of crafted HTTP requests to a URL protected by an LDAP Require/Auth directive declared inside a <Directory> or <Location> block, triggering repeated per-directory config evaluation that frees and re-references an LDAP structure. By controlling request timing and content to influence what occupies the freed memory, the attacker corrupts internal state to crash the worker (denial of service) or potentially redirect execution for code execution as the httpd user. …
Remediation Vendor-released patch: Apache HTTP Server 2.4.68 - upgrade httpd to 2.4.68 or later, per the Apache advisory at https://httpd.apache.org/security/vulnerabilities_24.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Apache HTTP Server instances; identify those running 2.4.0-2.4.67 with mod_ldap enabled and LDAP authentication configured. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected

Share

CVE-2026-29167 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy