CVE-2026-28808: ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-Apr
- Released
- 2026-04-23
- Last Updated
- 2026-04-29
- EPSS Score
- 0.04% (percentile: 11.1%)
Affected Products (3)
Open Source Software
- azl3 erlang 26.2.5.20-1 on Azure Linux 3.0
- azl3 erlang 26.2.5.18-1 on Azure Linux 3.0
- cbl2 erlang 25.3.2.21-5 on CBL Mariner 2.0
Revision History
- 2026-04-23: Information published.
- 2026-04-29: Information published.