CVE-2026-29167
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
A Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration may lead to unauthorized memory access. This issue affects Apache HTTP Server versions from 2.4.0 through 2.4.67.
Risk Assessment
Organizations may be exposed to attacks that exploit this vulnerability to gain access to sensitive data or execute unauthorized code.
Recommendation
It is recommended to upgrade to version 2.4.68, which fixes the issue.
Original NVD description (English source)
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

