Vulnerability CVE-2026-33523: Information

Description

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33523
Published: May 4, 2026
Modified: May 4, 2026

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.67-alt12.4.67-alt1ALT-PU-2026-7150-4417200Fixed
apache2sisyphus_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7624-1-Fixed
apache2sisyphus_riscv642.4.67-alt12.4.67-alt1ALT-PU-2026-7538-1-Fixed
apache2sisyphus_loongarch642.4.67-alt12.4.67-alt1ALT-PU-2026-7484-1-Fixed
apache2p112.4.67-alt12.4.67-alt1ALT-PU-2026-7156-4417202Fixed
apache2p102.4.67-alt12.4.67-alt1ALT-PU-2026-7231-3417203Fixed
apache2p10_e2k2.4.67-alt12.4.67-alt1ALT-PU-2026-7870-1-Fixed
apache2c10f22.4.67-alt12.4.67-alt1ALT-PU-2026-7158-4417204Fixed
apache2c9f22.4.67-alt12.4.67-alt1ALT-PU-2026-7193-4417205Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
  • Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/04/23
  • Mailing List
  • Third Party Advisory
BDU:2026-06310
      1. cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
        Start including
        2.4.0
        End excluding
        2.4.67
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top