AIKIDO-2026-10737

httpd is vulnerable to Double Free

Double Free | CVE-2026-23918 | Published May 5, 2026

91

Critical Risk

This Affects:

OS: httpd
2.4.66 - 2.4.66
Fixed in 2.4.67

TL;DR

A double free vulnerability in Apache HTTP Server when processing HTTP/2 protocol requests can lead to memory corruption due to improper handling of freed memory. This condition may allow an attacker to trigger a crash or manipulate memory structures, potentially resulting in remote code execution (RCE) in certain configurations. This issue affects Apache HTTP Server builds with HTTP/2 support enabled. Exploitation typically requires sending specially crafted HTTP/2 requests that cause the server to free the same memory region multiple times.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.
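To check a host against the affected range, the following added example (not part of the advisory or the Apache project) classifies the output of `httpd -v` and `httpd -M` by version and by whether mod_http2 is loaded. The function names, result labels and sample outputs are constructed for illustration, and the binary names tried are assumptions that vary by distribution.

```shell
#!/bin/sh
# Added example: classify an httpd install against this advisory.
# From the advisory: affected version 2.4.66, fixed in 2.4.67, HTTP/2 builds only.

# Extract "2.4.66" from `httpd -v` output ("Server version: Apache/2.4.66 (Unix)").
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed if the `httpd -M` module list contains mod_http2 (shared or static).
has_http2_module() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*http2_module[[:space:]]'
}

# Print: affected | version-in-range-no-http2 | not-in-range | unknown
classify_httpd() {
    ver=$(parse_httpd_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    if [ "$ver" != "2.4.66" ]; then echo not-in-range; return; fi
    if has_http2_module "$2"; then
        echo affected
    else
        echo version-in-range-no-http2
    fi
}

# Query the local server binary, if one is on PATH (names are assumptions).
check_local_httpd() {
    for bin in apachectl apache2ctl httpd; do
        if command -v "$bin" >/dev/null 2>&1; then
            classify_httpd "$("$bin" -v 2>/dev/null)" "$("$bin" -M 2>/dev/null)"
            return
        fi
    done
    echo unknown
}

# Constructed sample output, so the script runs without httpd installed.
SAMPLE_V='Server version: Apache/2.4.66 (Unix)
Server built:   Jan  1 2026 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'
echo "sample: $(classify_httpd "$SAMPLE_V" "$SAMPLE_M")"
echo "local:  $(check_local_httpd)"
```

Distribution packages may backport fixes without changing the upstream version string, so confirm an in-range result against the vendor's package changelog.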

Background info

httpd is vulnerable to Double Free in versions 2.4.66 - 2.4.66.

How to fix this

Upgrade httpd (Apache HTTP Server) to the patched version, 2.4.67.