Apache HTTP Server Cross-Site Scripting in mod_lua Module

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Cross-Site Scripting in mod_lua Module

MINI-j3vr-hwcr-x86q

Summary

Apache HTTP Server's mod_lua module has a bug that can let attackers inject malicious code into websites, potentially stealing user data or taking control of the site. This issue affects Apache HTTP Server versions 2.4.0 through 2.4.18. To fix the issue, update to a patched version of the server.

Original title

MINI-j3vr-hwcr-x86q

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026