Vulnerability Details CVE-2026-48913
Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted.
This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2026-48913
-
cpe:2.3:a:apache:http_server:2.4.55
-
cpe:2.3:a:apache:http_server:2.4.56
-
cpe:2.3:a:apache:http_server:2.4.57
-
cpe:2.3:a:apache:http_server:2.4.58
-
cpe:2.3:a:apache:http_server:2.4.59
-
cpe:2.3:a:apache:http_server:2.4.60
-
cpe:2.3:a:apache:http_server:2.4.61
-
cpe:2.3:a:apache:http_server:2.4.62
-
cpe:2.3:a:apache:http_server:2.4.63
-
cpe:2.3:a:apache:http_server:2.4.64
-
cpe:2.3:a:apache:http_server:2.4.65
-
cpe:2.3:a:apache:http_server:2.4.66
-
cpe:2.3:a:apache:http_server:2.4.67