Apache HTTP Server: Unauthenticated Access to Passwords

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server: Unauthenticated Access to Passwords

CVE-2026-26253

Summary

Apache HTTP Server may expose passwords in error messages. This affects Apache HTTP Server versions prior to 2.4.32. If exploited, an attacker could potentially steal sensitive information. Update to the latest version to mitigate this risk.

Original title

Rejected reason: Not used

Original description

Rejected reason: Not used

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026