PatchSiren cyber security CVE debrief
CVE-2026-48913 Apache CVE debrief
A Use After Free vulnerability was discovered in the Apache HTTP Server module mod_http2 (CVE-2026-48913). The vulnerability occurs when file handles are already exhausted. This issue affects Apache HTTP Server versions from 2.4.55 through 2.4.67, with a CVSS score of 7.3 and a severity rating of HIGH.
- Vendor
- Apache
- Product
- HTTP Server
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-10
Who should care
Users of Apache HTTP Server versions 2.4.55 through 2.4.67 should apply the necessary patches to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a Use After Free issue in the mod_http2 module of Apache HTTP Server. This can happen when file handles are already exhausted. The Common Vulnerabilities and Exposures (CVE) score for this issue is 7.3, indicating a HIGH severity level.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patches provided by the Apache HTTP Server project to address this vulnerability.
- Upgrade to Apache HTTP Server version 2.4.68 or later.
Evidence notes
The CVE-2026-48913 vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-48913) and detailed information can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-48913).
Official resources
-
CVE-2026-48913 CVE record
CVE.org
-
CVE-2026-48913 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-48913 was published on 2026-06-08T16:16:43.390Z and modified on 2026-06-10T19:31:10.350Z.