Loading

Apache vulnerability CVE-2026-23918 in Tableau Server

Publish Date: May 12, 2026
Description

The Tableau Server version 2025.3.4 or later, which includes Apache HTTP Server version 2.4.66, was not impacted by the vulnerability CVE-2026-23918.

Resolution

Apache configurations against CVE-2026-23918 (Double Free / possible RCE in Apache HTTP Server's HTTP/2 implementation, CVSS 8.8 HIGH, affects 2.4.66 only).

 

  Finding: Tableau Server Apache version 2.4.66 isn't exposed to this vulnerability

  - None of Tableau Server's Apache configs load mod_http2 or enable Protocols h2

  - HTTP/2 isn't active in any of Tableau Server httpd.conf files (proxy, test configs)

  - Not loading mod_http2 is a complete mitigation — the vulnerable code path is unreachable

Knowledge Article Number

005321989

 
Loading
Salesforce Help | Article