Impact of CVE-2026-23918 and CVE-2026-24072 on vCenter Server
search cancel

Impact of CVE-2026-23918 and CVE-2026-24072 on vCenter Server

book

Article ID: 440668

calendar_today

Updated On:

Products

VMware vCenter Server 8.0

Issue/Introduction

Impact of CVE-2026-23918 and CVE-2026-24072 on vCenter Server Apache HTTP Server vulnerabilities clarification for vCenter Server.

  • CVE-2026-23918
    This vulnerability is a double-free memory corruption vulnerability within the Apache HTTP Server's HTTP/2 module (mod_http2)
  • CVE-2026-24072
    This vulnerability allows local .htaccess authors to read files with the privileges of the httpd process. 

Environment

  • vCenter server 8.0

Resolution

Broadcom is aware of CVE-2026-23918 and CVE-2026-24072.

Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE. If you require further information please contact Broadcom Support

 

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2026-23918

https://nvd.nist.gov/vuln/detail/CVE-2026-24072

Powered by Wolken Software