Apache HTTP Server: http2: double free and possible RCE on early reset
Title source: cna
Exploitation Summary
EIP tracks 16 public exploits for CVE-2026-23918. PoCs published by alisunbul, striga-ai, adminlove520.
AI-analyzed exploit summary
This is a functional exploit for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2. It triggers a race condition by rapidly sending HEADERS and RST_STREAM frames, causing a denial of service (DoS) via SIGSEGV.
Description
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Exploits (16)
This is a functional exploit for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2. It triggers a race condition by rapidly sending HEADERS and RST_STREAM frames, causing a denial of service (DoS) via SIGSEGV.
This repository contains a functional exploit for CVE-2026-23918, a double-free vulnerability in Apache httpd mod_http2 leading to pre-authentication remote code execution. The exploit includes a Docker environment for testing, a helper script to extract memory addresses, and a Python-based PoC that triggers the vulnerability to achieve RCE.
This repository contains functional exploit code for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2 module. The PoC includes both a single-target DoS script and a mass-target tool that triggers the vulnerability by sending rapid RST_STREAM frames, leading to server crashes.
The repository contains a Python-based scanner for detecting CVE-2026-23918, a memory corruption flaw in Apache HTTP Server 2.4.66. It performs HTTP/2 handshake checks, version fingerprinting, and risk scoring but does not include exploit code.
This repository contains a functional Python-based proof-of-concept exploit for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2 module. The exploit demonstrates a reliable DoS attack by triggering a race condition in stream cleanup, with additional detection modes for vulnerability scanning.
This repository contains a functional exploit for CVE-2026-23918, a double-free vulnerability in Apache httpd mod_http2 leading to pre-authentication remote code execution. The exploit includes a Python-based PoC that leverages memory corruption to achieve RCE, along with a helper script to extract necessary memory addresses from the target process.
This repository provides defensive audit tools for detecting CVE-2026-23918 and related CVEs in Apache HTTP Server. It includes scripts for passive external scanning (banner grabbing and ALPN negotiation) and local host auditing to determine vulnerability status without exploiting the vulnerabilities.
This repository contains a functional PoC for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66 with mod_http2. The exploit sends HEADERS followed by RST_STREAM frames to trigger heap corruption, potentially leading to RCE.
This repository provides a detailed technical analysis and detection guidance for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server's mod_http2 module. It includes detection rules for Suricata, ModSecurity, auditd, and YARA, along with mitigation steps and exploit mechanics.
This repository contains a functional Python script (`h2ghost.py`) that detects CVE-2026-23918, a double-free vulnerability in Apache mod_http2. The exploit sends a crafted HTTP/2 request with HEADERS and RST_STREAM frames to trigger the vulnerability, which can lead to DoS or potential RCE in specific environments.
This repository contains a functional Python exploit for CVE-2026-23918, which triggers a double-free vulnerability in Apache HTTP Server 2.4.66 via HTTP/2 HEADERS + immediate RST_STREAM. The PoC demonstrates the vulnerability by sending crafted HTTP/2 frames to induce a double-free condition.
This repository contains a Python-based scanner for detecting CVE-2026-23918, a double-free vulnerability in Apache HTTP/2. The tool checks for vulnerable Apache versions, HTTP/2 support, and MPM type without attempting exploitation.
This repository provides a script to patch CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66 that could lead to RCE. The script automates system updates and service restarts but does not include exploit code.
This repository contains a functional PoC for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2. The exploit triggers a race condition via rapid RST_STREAM frame sequencing, leading to a reliable DoS and potential RCE path.
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H