← Back to home
wid-sec-w-2026-0853  ·  Published 2026-03-24  ·  View on BSI CERT-Bund ↗

Apple macOS: Multiple Vulnerabilities

CVSS 9.3 CRITICAL

Risk Summary

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVEs (83)

CVE-2025-14524 CVE-2025-55753 CVE-2025-58098 CVE-2025-59775 CVE-2025-64505 CVE-2025-65082 CVE-2025-66200 CVE-2026-20607 CVE-2026-20631 CVE-2026-20632 CVE-2026-20633 CVE-2026-20637 CVE-2026-20639 CVE-2026-20643 CVE-2026-20651 CVE-2026-20657 CVE-2026-20660 CVE-2026-20664 CVE-2026-20665 CVE-2026-20668 CVE-2026-20684 CVE-2026-20687 CVE-2026-20688 CVE-2026-20690 CVE-2026-20691 CVE-2026-20692 CVE-2026-20693 CVE-2026-20694 CVE-2026-20695 CVE-2026-20697 CVE-2026-20698 CVE-2026-20699 CVE-2026-20701 CVE-2026-28816 CVE-2026-28817 CVE-2026-28818 CVE-2026-28820 CVE-2026-28821 CVE-2026-28822 CVE-2026-28823 CVE-2026-28824 CVE-2026-28825 CVE-2026-28826 CVE-2026-28827 CVE-2026-28828 CVE-2026-28829 CVE-2026-28831 CVE-2026-28832 CVE-2026-28833 CVE-2026-28834 CVE-2026-28835 CVE-2026-28837 CVE-2026-28838 CVE-2026-28839 CVE-2026-28841 CVE-2026-28842 CVE-2026-28844 CVE-2026-28845 CVE-2026-28852 CVE-2026-28857 CVE-2026-28859 CVE-2026-28861 CVE-2026-28862 CVE-2026-28864 CVE-2026-28865 CVE-2026-28866 CVE-2026-28867 CVE-2026-28868 CVE-2026-28870 CVE-2026-28871 CVE-2026-28876 CVE-2026-28877 CVE-2026-28878 CVE-2026-28879 CVE-2026-28880 CVE-2026-28881 CVE-2026-28882 CVE-2026-28886 CVE-2026-28888 CVE-2026-28891 CVE-2026-28892 CVE-2026-28893 CVE-2026-28894

Affected Vendors

Apple

Affected Products (6)

Apple · macOS Sonoma <14.8.5
Apple · macOS Sonoma 14.8.5
Apple · macOS Sequoia <15.7.5
Apple · macOS Sequoia 15.7.5
Apple · macOS Tahoe <26.4
Apple · macOS Tahoe 26.4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more