[CRITICAL] CVE-2013-10075 — CVSS 9.1 (May 8, 2026)

A CRITICAL-severity vulnerability identified as CVE-2013-10075 has been published on May 8, 2026 with a CVSS base score of 9.1. The vulnerability affects Chorny Apache. This security advisory provides a detailed breakdown of the vulnerability, its potential impact, weakness classification, and actionable steps to protect your systems.

Vulnerability Details

CVE ID: CVE-2013-10075
Severity: CRITICAL
CVSS Score: 9.1
Published: May 8, 2026
Affected Product: Chorny Apache
Weakness (CWE): CWE-672

Technical Description

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

Potential Impact

If exploited, this critical-severity vulnerability could allow an attacker to compromise sensitive data confidentiality, tamper with system integrity. Organizations running Chorny Apache should treat this as a priority remediation item.

Recommended Action

No official patch is available yet. Until one is released:

1. Monitor the official NVD page and vendor channels for patch announcements.
2. Restrict access to the affected system or service where possible.
3. Apply network-level mitigations such as firewall rules or WAF policies.
4. Enable logging and alerting for anomalous activity related to this vulnerability.
5. Review your incident response plan in case of active exploitation.

View full details on NVD →

References

• Issue Tracking, Mailing List
• Mailing List, Third Party Advisory

Related Security Advisories

• [CRITICAL] CVE-2026-35547 — CVSS 9.1 (April 30, 2026) — CRITICAL / CVSS 9.1
• [CRITICAL] CVE-2026-3325 — CVSS 10.0 (April 29, 2026) — CRITICAL / CVSS 10.0
• [CRITICAL] CVE-2026-5964 — CVSS 9.8 (April 20, 2026) — CRITICAL / CVSS 9.8