High Severity Vulnerability in Apache HTTP Server
7 May 2026
The Apache Software Foundation has released security updates to address a high severity vulnerability in the Apache HTTP Server. Users and administrators of the affected product are advised to update to the latest version immediately.
Background
The Apache Software Foundation has released security updates to address a high severity vulnerability (CVE-2026-23918) affecting the Apache HTTP Server with the HTTP/2 protocol. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 8.8 out of 10.
Impact
The vulnerability is a double free with possible Remote Code Execution (RCE). Successful exploitation could allow a remote unauthenticated attacker to crash Apache HTTP Server processes, resulting in a denial of service, or, under certain conditions, to execute arbitrary code on the affected system.
Affected Products
This vulnerability affects Apache HTTP Server 2.4.66.
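To check a host against the affected version above, the following added example (not part of the original advisory or of any Apache tooling) classifies the text printed by `httpd -v` and `httpd -M`, flagging version 2.4.66 and whether the HTTP/2 module is loaded. The function names, result labels and sample outputs are constructed for illustration, and matching on the reported version string is an assumption about how the build identifies itself.

```shell
#!/bin/sh
# Added example: triage one host against this advisory.
# Inputs are the text of `httpd -v` and `httpd -M` (apachectl and
# apache2ctl print the same format).

AFFECTED_VERSION="2.4.66"   # from the advisory's "Affected Products"

# Extract "X.Y.Z" from a line such as "Server version: Apache/2.4.66 (Unix)".
httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' |
        head -n 1
}

# Succeeds if the module list contains mod_http2 (listed as http2_module).
http2_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*http2_module[[:space:]]'
}

# Prints one label (hypothetical names):
#   AFFECTED_HTTP2_LOADED  version 2.4.66 and http2_module is loaded
#   AFFECTED_VERSION       version 2.4.66, http2_module not in the list
#   NOT_LISTED             a version the advisory does not name
#   UNKNOWN                no version line could be parsed
triage() {
    ver=$(httpd_version "$1")
    if [ -z "$ver" ]; then
        echo UNKNOWN
    elif [ "$ver" != "$AFFECTED_VERSION" ]; then
        echo NOT_LISTED
    elif http2_loaded "$2"; then
        echo AFFECTED_HTTP2_LOADED
    else
        echo AFFECTED_VERSION
    fi
}

# Constructed sample output, so the script runs without a live server.
SAMPLE_V='Server version: Apache/2.4.66 (Unix)
Server built:   Jan  1 2026 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)
 ssl_module (shared)'

triage "$SAMPLE_V" "$SAMPLE_M"
# On a real host: triage "$(httpd -v 2>&1)" "$(httpd -M 2>&1)"
```

Both affected labels call for the update in the recommendation below; the HTTP/2 label only helps order the work across a fleet.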
Recommendations
Users and administrators of the affected product are advised to update to the latest version immediately.
References
https://httpd.apache.org/security/vulnerabilities_24.html
https://nvd.nist.gov/vuln/detail/CVE-2026-23918
https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html
