⚠️⚠️⚠️ Critical Apache Server Bug Allows Remote Attacks / CloudLinux users can update their Apache using cl-ea4-testing repo,

⚠️⚠️⚠️ Critical Apache Server Bug Allows Remote Attacks

A serious security flaw has been discovered in Apache HTTP Server that could let hackers remotely take control of vulnerable servers.

Update it even if you use LiteSpeed or Nginx

Do not let any open vulnerability exist on your server

The main issue, tracked as CVE-2026-23918, affects Apache’s HTTP/2 feature

More info :

https://support.cpanel.net/hc/en-us/articles/40229402602519-Security-CVE-2026-23918

https://cybersecuritynews.com/apache-http-server-rce/

update your Apache using :

RHEL based servers :

yum clean all

yum makecache

yum -y update ea-apache*

Almalinux :

dnf clean all

dnf makecache

dnf -y update ea-apache*

On Ubuntu :

apt update

apt install --only-upgrade "ea-apache24*"

Check update by running :

httpd -v

You should see Apache/2.4.67

---------------

CloudLinux users can update their Apache using cl-ea4-testing repo,

https://cloudlinux.zendesk.com/hc/en-us/articles/27239221402908-Apache-CVE-2026-23918-ea-apache24-2-4-67-is-not-available-in-CloudLinux-repositories

Command :

yum update ea-apache24 --enablerepo=cl-ea4-testing

« Back