CVE-2026-33007
Public on 2026-05-04
Modified on 2026-05-06
Description
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | httpd | 2026-05-26 | ALAS2-2026-3314 | Fixed |
| Amazon Linux 2023 | httpd | 2026-05-26 | ALAS2023-2026-1720 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |