Vulnerability CVE-2026-33007: Information

Description

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33007
Published: May 4, 2026
Modified: May 4, 2026
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.67-alt12.4.67-alt1ALT-PU-2026-7150-4417200Fixed
apache2sisyphus_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7624-1-Fixed
apache2sisyphus_riscv642.4.67-alt12.4.67-alt1ALT-PU-2026-7538-1-Fixed
apache2sisyphus_loongarch642.4.67-alt12.4.67-alt1ALT-PU-2026-7484-1-Fixed
apache2p112.4.67-alt12.4.67-alt1ALT-PU-2026-7156-4417202Fixed
apache2p102.4.67-alt12.4.67-alt1ALT-PU-2026-7231-3417203Fixed
apache2p10_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7870-1-Fixed
apache2c10f22.4.67-alt12.4.67-alt1ALT-PU-2026-7158-4417204Fixed
apache2c9f22.4.67-alt12.4.67-alt1ALT-PU-2026-7193-4417205Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/04/22
  • Mailing List
  • Third Party Advisory
BDU:2026-06311
      1. cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        Start including
        2.4.0
        End excluding
        2.4.67
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top