Apache HTTP/2 Vulnerability (CVE-2026-23918)

Incident Report for StableHost

Resolved

This incident has been resolved.
Posted May 18, 2026 - 12:41 CST

Monitoring

We are aware of the recently disclosed Apache HTTP/2 vulnerability (CVE-2026-23918) affecting certain Apache configurations with HTTP/2 enabled.

Our actively maintained hosting infrastructure has already received the necessary security updates through normal update channels where applicable. For older or legacy systems that cannot immediately be upgraded, HTTP/2 mitigation steps are available.

At this time, we are not aware of any active exploitation affecting StableHost-managed infrastructure.

This vulnerability is applicable only to cPanel/Linux hosting customers, both Shared and VPS.

Additional details, impact information, and mitigation instructions can be found in the following knowledgebase article:
https://support.stablehost.com/en/articles/14984554-critical-apache-http-2-vulnerability-cve-2026-23918

We will continue monitoring the situation and provide further updates if necessary.
Posted May 05, 2026 - 16:23 CST
This incident affected: Servers (Amsterdam, NL, Frankfurt, DE, Madrid, ES, Chicago, US, St. Loius, US, San Jose, US, Phoenix, US, Singapore, SG, Stockholm, SE, Turku, FI, Vilnius, Lithuania, Reseller Servers - St. Louis, Reseller Servers - Amsterdam, VPS - Phoenix, VPS - Chicago, VPS - Amsterdam).
Current Status Powered by Atlassian Statuspage