CVE-2026-48913

high Apache
CVSS v3 Base Score
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 89% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: June 8, 2026 (31 days ago)
Last Modified: June 10, 2026
Vendor: Apache
Source: NVD

Description

Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.

CWE

CWE-416

Affected Products

apache http server

References