CVE-2026-29169

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.66

Description A NULL pointer dereference in the mod dav lock module may allow an attacker to crash the server by sending a malicious request. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is NULL, typically leading to an application crash.

Recommendations Upgrade to version 2.4.66. Remove the mod dav lock module.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-06309

BIT-APACHE-2026-29169

CVE-2026-29169

OESA-2026-2316

OESA-2026-2318

OESA-2026-2319

OESA-2026-2320

OESA-2026-2401

OPENSUSE-SU-2026:10785-1

RHSA-2026:17080

USN-8239-1

Affected Products

Apache Http Server

Linuxmint

Ubuntu

CVE-2026-29169

Weakness Enumeration

Related Identifiers

Affected Products

References · 63