Apache HTTP Server Unauthenticated File Access in Certain Directories

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Unauthenticated File Access in Certain Directories

ECHO-32c7-8a8f-5df3

Summary

An attacker can access files on your server without a password if Apache is configured a certain way. This could allow them to steal sensitive information or disrupt your site. Update your Apache server to the latest version to fix this.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
–	flask	All versions	–

Original title

ECHO-32c7-8a8f-5df3

https://advisory.echohq.com/cve/CVE-2026-27205 URL

Published: 21 Feb 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026