{"id":15493,"date":"2026-05-05T15:15:15","date_gmt":"2026-05-05T12:15:15","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=15493"},"modified":"2026-05-05T15:16:20","modified_gmt":"2026-05-05T12:16:20","slug":"cve-2026-23918-cvss-8-8","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/cve-2026-23918-cvss-8-8\/","title":{"rendered":"Apache HTTP Sunucular\u0131nda Kritik RCE Zafiyeti! CVE-2026-23918 (CVSS: 8.8)"},"content":{"rendered":"

Apache Software Foundation, milyonlarca sunucuyu do\u011frudan tehdit eden olduk\u00e7a kritik bir g\u00fcvenlik g\u00fcncellemesi yay\u0131nlad\u0131. 4 May\u0131s 2026 tarihinde sunulan Apache HTTP Server 2.4.67<\/strong> s\u00fcr\u00fcm\u00fc, sistemin uzaktan ele ge\u00e7irilmesine (RCE) yol a\u00e7abilecek son derece tehlikeli bir hatay\u0131 kapat\u0131yor. E\u011fer sistemlerinizde 2.4.66 veya daha eski bir s\u00fcr\u00fcm \u00e7al\u0131\u015f\u0131yorsa bu g\u00fcncellemeyi kesinlikle ertelememeniz gerekiyor.<\/p>\n

Ba\u015fl\u0131ca Tehdit: CVE-2026-23918 (CVSS: 8.8)<\/h2>\n

Sistem y\u00f6neticilerini as\u0131l alarma ge\u00e7iren sorun Apache’nin HTTP\/2 protokol\u00fc uygulamas\u0131nda tespit edilen bir bellek bozulmas\u0131 (double-free) hatas\u0131. Sistem, ayn\u0131 bellek b\u00f6lgesini iki kez serbest b\u0131rakmaya \u00e7al\u0131\u015ft\u0131\u011f\u0131nda bellek yap\u0131lar\u0131 bozuluyor. Bu a\u00e7\u0131k sald\u0131rganlara sistemin \u00e7al\u0131\u015fma ak\u0131\u015f\u0131n\u0131 kendi istedikleri y\u00f6ne \u00e7ekme ve do\u011frudan Uzaktan Kod \u00c7al\u0131\u015ft\u0131rma (RCE)<\/strong> f\u0131rsat\u0131 veriyor.<\/p>\n

Do\u011frudan 2.4.66 s\u00fcr\u00fcm\u00fcn\u00fc hedef alan bu zafiyet, d\u00fcnya \u00e7ap\u0131ndaki kurumsal altyap\u0131lar i\u00e7in \u00e7ok ciddi bir risk olu\u015fturuyor. Bu g\u00fcncelleme paketiyle birlikte ayr\u0131ca, sunucu<\/a> kaynaklar\u0131n\u0131 t\u00fcketebilen veya \u00e7\u00f6kmelere (DoS) yol a\u00e7abilen \u00fc\u00e7 farkl\u0131 d\u00fc\u015f\u00fck seviyeli a\u00e7\u0131k (CVE-2026-28780, CVE-2026-29168 ve CVE-2026-29169) daha giderilmi\u015f durumda.
\n\"\"<\/p>\n

Sunucunuzu Nas\u0131l G\u00fcvenceye Al\u0131rs\u0131n\u0131z?<\/h2>\n

Bu kritik RCE zafiyetinin tek kesin \u00e7\u00f6z\u00fcm\u00fc vakit kaybetmeden 2.4.67 s\u00fcr\u00fcm\u00fcne<\/strong> ge\u00e7i\u015f yapmakt\u0131r. E\u011fer acil bir g\u00fcncelleme yapma imkan\u0131n\u0131z yoksa ge\u00e7ici bir \u00f6nlem olarak sunucunuzda HTTP\/2’yi devre d\u0131\u015f\u0131 b\u0131rakmay\u0131 de\u011ferlendirebilirsiniz. Ancak cPanel ve EasyApache 4<\/strong> kullanan bir sunucu altyap\u0131s\u0131na sahipseniz bu hayati g\u00fcvenlik yamas\u0131n\u0131 do\u011frudan terminal \u00fczerinden uygulayarak sisteminizi h\u0131zl\u0131ca koruma alt\u0131na alabilirsiniz. \u0130\u015fletim sisteminize uygun olarak a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 izlemeniz yeterlidir:<\/p>\n

AlmaLinux Sistemler \u0130\u00e7in:<\/h3>\n

SSH \u00fczerinden sunucunuza root yetkisiyle ba\u011flan\u0131n, paket \u00f6nbelle\u011fini temizleyin ve g\u00fcncellemeyi ba\u015flat\u0131n:<\/p>\n

dnf clean all
\ndnf makecache
\ndnf -y update ea-apache*
\n<\/code><\/p>\n

Ubuntu Sistemler \u0130\u00e7in:<\/h3>\n

Debian\/Ubuntu tabanl\u0131 bir altyap\u0131n\u0131z varsa, paket listelerinizi tazeleyip yaln\u0131zca EasyApache paketlerini hedefleyerek y\u00fckseltme i\u015flemini \u015fu komutlarla yapabilirsiniz:<\/p>\n

apt update
\napt install --only-upgrade \"ea-apache24*\"<\/code><\/p>\n

\u0130\u015flemi tamamland\u0131ktan sonra Apache servisinizin sorunsuz bir \u015fekilde yeniden ba\u015flad\u0131\u011f\u0131ndan ve sisteminizin g\u00fcvenlik yamas\u0131n\u0131 i\u00e7eren g\u00fcncel s\u00fcr\u00fcmde \u00e7al\u0131\u015ft\u0131\u011f\u0131ndan emin olmak i\u00e7in servis kontrol\u00fc (httpd -v)<\/strong> yapmay\u0131 unutmay\u0131n.<\/p>\n","protected":false},"excerpt":{"rendered":"

Apache Software Foundation, milyonlarca sunucuyu do\u011frudan tehdit eden olduk\u00e7a kritik bir g\u00fcvenlik g\u00fcncellemesi yay\u0131nlad\u0131. 4 May\u0131s 2026 tarihinde sunulan Apache HTTP Server 2.4.67 s\u00fcr\u00fcm\u00fc, sistemin uzaktan ele ge\u00e7irilmesine (RCE) yol a\u00e7abilecek son derece tehlikeli bir...<\/p>\n","protected":false},"author":2,"featured_media":15494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52],"tags":[],"class_list":["post-15493","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=15493"}],"version-history":[{"count":12,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15493\/revisions"}],"predecessor-version":[{"id":15507,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15493\/revisions\/15507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/15494"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=15493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=15493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=15493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}