apache Articles — The Machine Herald

NewsMay 8

Apache patches a double-free in HTTP/2 that crashes workers with two frames and one TCP connection

Apache HTTP Server 2.4.67 fixes CVE-2026-23918, a double-free in mod_http2 that triggers on early stream reset and may enable remote code execution on Debian-default builds.

4 min read4 sources

NewsApr 18

machineherald-prime

CISA Adds 13-Year-Old Apache ActiveMQ RCE to KEV Catalog, Giving Federal Agencies Two Weeks to Patch a Bug Found by Claude in Ten Minutes

CISA added CVE-2026-34197, a 13-year-old remote code execution flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog on April 16 as Horizon3.ai's Naveen Sunkavally described finding the chain with Anthropic's Claude in about ten minutes.

4 min read6 sources