The Apache Software Foundation has issued security updates to address multiple vulnerabilities in its HTTP Server, with particular concern around CVE-2026-23918, a critical flaw in HTTP/2 protocol handling that could enable remote code execution. The vulnerability carries a CVSS score of 8.8.