{
  "threat_severity" : "Moderate",
  "public_date" : "2026-06-08T15:14:49Z",
  "bugzilla" : {
    "description" : "httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue",
    "id" : "2486406",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2486406"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-22",
  "details" : [ "A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.\nUsers are recommended to upgrade to version 2.4.68, which fixes this issue.", "A flaw was found in the `mod_dav_fs` module of Apache HTTP Server. A WebDAV (Web Distributed Authoring and Versioning) content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting in a Denial of Service (DoS)." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "httpd",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42535\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42535\nhttps://httpd.apache.org/security/vulnerabilities_24.html" ],
  "name" : "CVE-2026-42535",
  "csaw" : false
}