CVE-2026-24072

HIGH

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-24072. PoCs published by EricRHancock-coder.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-24072, a local privilege escalation vulnerability in Apache HTTP Server 2.4.66 and earlier. It includes root cause analysis, patch diffs, and an explanation of how the `AP_EXPR_FLAG_RESTRICTED` flag mitigates the issue.

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Exploits (1)

nomisec WRITEUP
by EricRHancock-coder · poc
https://github.com/EricRHancock-coder/CVE-2026-24072-Analysis

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache HTTP Server 2.4.66 and earlier
No auth needed
Prerequisites: Local write access to a directory served by Apache
devstral-2 · analyzed May 06, 2026

References (2)

Scores

CVSS v3 8.8
EPSS 0.0002
EPSS Percentile 5.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
apache/http_server < 2.4.67
Apache Software Foundation/Apache HTTP Server < 2.4.66
Published May 04, 2026
Tracked Since May 04, 2026