PT-2026-36801 · Apache+3 · Apache Http Server+3

Elhanan Haenel · Published 2025-12-10 · Updated 2026-06-01 · CVE-2026-33857

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.67

Description

An out-of-bounds read issue exists in the mod_proxy_ajp module of Apache HTTP Server, specifically within AJP getter functions. This flaw allows a remote attacker to read memory outside the intended range, which could lead to the disclosure of sensitive information.

Recommendations

Upgrade to version 2.4.67.

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

ALSA-2026:21391
ALSA-2026:21433
ALSA-2026:22140
BDU:2026-06352
BIT-APACHE-2026-33857
CVE-2026-33857
OESA-2026-2320
OESA-2026-2398
OESA-2026-2400
OESA-2026-2401
OESA-2026-2402
OPENSUSE-SU-2026:10785-1
USN-8239-1

Affected Products

Apache Http Server
Linuxmint
Rocky Linux
Ubuntu