{"vulnerability": "CVE-2026-23918", "sightings": [{"uuid": "412277f4-d2ca-48f6-b880-681b2f191cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/116517446102524326", "content": "Several vulnerabilities in #Apache HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:\n- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset\n- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr\n- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n#CVE_2026_23918 #CVE_2026_24072 #CVE_2026_33006 #infosec #cybersecurity", "creation_timestamp": "2026-05-04T17:18:52.927565Z"}, {"uuid": "fec581d5-ea41-4c2c-9a3c-2474400818a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml23ey76qf2z", "content": "\ud83d\udfe0 CVE-2026-23918 - High (8.8)\n\nDouble Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.\n\nThis ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-23918/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T16:22:24.480065Z"}, {"uuid": "1ce6f8ad-1df6-467e-a1fa-81959c8c1e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2a7f5yvr2e", "content": "CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset", "creation_timestamp": "2026-05-04T17:48:44.658063Z"}, {"uuid": "71374c87-71f4-42dd-90f7-2dad8c556b5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3ml2ljesytc2o", "content": "Apache HTTP Server\u306e\u8106\u5f31\u6027(Important: CVE-2026-23918, Moderate: CVE-2026-24072, CVE-2026-33006, Low:\u8907\u6570)\u30682.4.67\u30ea\u30ea\u30fc\u30b9\n\n#sios_tech #security #vulnerability #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #\u8106\u5f31\u6027 #apache #struts\n\nsecurity.sios.jp/vulnerabilit...", "creation_timestamp": "2026-05-04T21:11:14.606959Z"}, {"uuid": "972af01d-8151-4f89-a307-a7f1ffcb9034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ml3cthchsr2i", "content": "Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks: A Technical Deep Dive into CVE-2026-23918 +\u00a0Video\n\nIntroduction: A critical remote code execution (RCE) vulnerability, designated CVE-2026-23918 and rated High with a CVSS base score of 8.8, has been discovered in the\u2026", "creation_timestamp": "2026-05-05T04:08:26.721217Z"}, {"uuid": "302c819a-9dd1-4d78-872e-c69a2a9460a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3ml2v2l43l42x", "content": "8/11\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-28780\n    https://www.cve.org/CVERecord?id=CVE-2026-24072\n    https://www.cve.org/CVERecord?id=CVE-2026-23918\n  (* Security fix *)\nn/krb5-1.22.2-x86_64-2.txz:  Rebuilt.\n  Harden perms on /usr/bin/ksu.", "creation_timestamp": "2026-05-05T00:01:53.001722Z"}, {"uuid": "b0fb3d40-2f37-461d-a183-a8ac8c4ba195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/bitnami.bsky.social/post/3ml4itn3i4s2z", "content": "23 hours. That's how long it took Bitnami to go from a critical Apache RCE disclosure (CVE-2026-23918) to fully patched container images for Apache, WordPress, Drupal, Moodle, Matomo, and phpMyAdmin.\n\nHere's the full breakdown: community.broadcom.com/tanzu/blogs/...", "creation_timestamp": "2026-05-05T15:28:36.275046Z"}, {"uuid": "4f09d65c-4fec-45f2-9d4f-4eb473092d95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3ml45bb4yih24", "content": "#Apache HTTP Server Vulnerability CVE-2026-23918 Exposes Millions of Servers to Remote Code Execution Attacks.\nAnyone running Apache httpd version 2.4.66 or earlier are strongly urged to upgrade immediately!\n\n\ud83d\udc47", "creation_timestamp": "2026-05-05T12:01:29.862971Z"}, {"uuid": "2fccdaee-3bd7-4567-b2df-257988b21652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/hmier.bsky.social/post/3ml45f7nvfk2f", "content": "high risk CVE-2026-23918 in Apache HTTP Server HTTP/2 implementation.\n\ncc @levhita.net", "creation_timestamp": "2026-05-05T12:03:38.617483Z"}, {"uuid": "cd4313b1-90f1-4ad1-a1b1-af575257907f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23918", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3ml4fuvyyd22w", "content": "\ud83d\udd17 CVE : CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059", "creation_timestamp": "2026-05-05T14:35:36.033419Z"}]}