CVE-2026-33523

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67

Description HTTP response splitting occurs in multiple Apache HTTP Server modules when interacting with untrusted or compromised backend servers. This issue allows an attacker to split an HTTP response, potentially leading to cache poisoning or cross-site scripting.

Recommendations Upgrade to version 2.4.67.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-113CWE-443

Related Identifiers

BDU:2026-06310

BIT-APACHE-2026-33523

CVE-2026-33523

OESA-2026-2320

OESA-2026-2398

OESA-2026-2400

OESA-2026-2401

OESA-2026-2402

OPENSUSE-SU-2026:10785-1

USN-8239-1

Affected Products

Apache Http Server

Linuxmint

Ubuntu

CVE-2026-33523

Weakness Enumeration

Related Identifiers

Affected Products

References · 62