PT-2026-36813 · Apache+2 · Apache Http Server+2

Nitescu Lucian

Published

2026-03-09

Updated

2026-05-28

CVE-2026-33006

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.66

Description A timing attack against mod auth digest allows a remote attacker to bypass Digest authentication. A timing attack is a side-channel attack where the attacker attempts to compromise a system by analyzing the time it takes to execute specific algorithms or functions.

Recommendations Upgrade to version 2.4.67.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-208

Related Identifiers

BDU:2026-06308

BIT-APACHE-2026-33006

CVE-2026-33006

OESA-2026-2316

OESA-2026-2318

OESA-2026-2319

OESA-2026-2320

OESA-2026-2401

OPENSUSE-SU-2026:10785-1

USN-8239-1

Affected Products

Apache Http Server

Linuxmint

Ubuntu

PT-2026-36813 · Apache+2 · Apache Http Server+2

CVE-2026-33006

Weakness Enumeration

Related Identifiers

Affected Products

References · 64