Main Vulnerability Database Exploits ID:12779 - Exploit for Double free in Apache HTTP Server - CVE-2026-23918

ID:12779 - Exploit for Double free in Apache HTTP Server - CVE-2026-23918

Published: June 23, 2026

Vulnerability identifier: #VU129550

Vulnerability risk: High

CVE-ID: CVE-2026-23918

CWE-ID: CWE-415

Exploitation vector: Remote access

Vulnerable software:
Apache HTTP Server

Link to public exploit:

https://github.com/xeloxa/CVE-2026-23918-Apache-H2-PoC

Vulnerability description

The vulnerability allows a remote attacker to cause a denial of service and possibly execute arbitrary code.

The vulnerability exists due to a double free in Apache HTTP Server HTTP/2 handling when processing an early reset. A remote attacker can trigger an early reset condition to cause a denial of service and possibly execute arbitrary code.

The issue is specific to the HTTP/2 protocol.

Remediation

Install security update from vendor's website.

ID:12779 - Exploit for Double free in Apache HTTP Server - CVE-2026-23918

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human