Skip to content
Cyvex Security

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.

Apache on Monday released patches for over a dozen vulnerabilities in HTTP Server and MINA, including critical and high-severity issues that could be exploited for remote code execution (RCE).

Apache HTTP Server 2.4.67 was released with fixes for 11 vulnerabilities, 10 of which affect all previous releases.

The first is CVE-2026-23918, a double-free and possible RCE bug in the HTTP/2 protocol handling. By triggering an early reset, an attacker could cause a denial-of-service (DoS) condition and potentially execute arbitrary code.

Source: https://www.securityweek.com/critical-high-severity-vulnerabilities-patched-in-apache-mina-http-server/

Related breach coverage

  • MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
    2026-05-05

    The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.

  • Cisco Patches High-Severity Vulnerabilities in Enterprise Products
    2026-05-07

    Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek.

  • Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
    2026-05-06

    Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling […]

  • Chrome 148 Rolls Out With 127 Security Fixes
    2026-05-07

    The fresh browser update resolves critical-severity integer overflow and use-after-free vulnerabilities. The post Chrome 148 Rolls Out With 127 Security Fixes appeared first on SecurityWeek.