CVE-2026-23918

The repository contains a Python-based scanner for detecting CVE-2026-23918, a memory corruption flaw in Apache HTTP Server 2.4.66. It performs HTTP/2 handshake checks, version fingerprinting, and risk scoring but does not include exploit code.

This repository contains a functional Python-based proof-of-concept exploit for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2 module. The exploit demonstrates a reliable DoS attack by triggering a race condition in stream cleanup, with additional detection modes for vulnerability scanning.

This repository contains a functional Python script (`h2ghost.py`) that detects CVE-2026-23918, a double-free vulnerability in Apache mod_http2. The exploit sends a crafted HTTP/2 request with HEADERS and RST_STREAM frames to trigger the vulnerability, which can lead to DoS or potential RCE in specific environments.

This repository contains a functional Python exploit for CVE-2026-23918, which triggers a double-free vulnerability in Apache HTTP Server 2.4.66 via HTTP/2 HEADERS + immediate RST_STREAM. The PoC demonstrates the vulnerability by sending crafted HTTP/2 frames to induce a double-free condition.

This repository contains a Python-based scanner for detecting CVE-2026-23918, a double-free vulnerability in Apache HTTP/2. The tool checks for vulnerable Apache versions, HTTP/2 support, and MPM type without attempting exploitation.

This repository provides a script to patch CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66 that could lead to RCE. The script automates system updates and service restarts but does not include exploit code.

This repository contains a functional PoC for CVE-2026-23918, a double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2. The exploit triggers a race condition via rapid RST_STREAM frame sequencing, leading to a reliable DoS and potential RCE path.