CVE-2026-33007
published 2026-05-04CVE-2026-33007: A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.4.0 < 2.4.67 | 2.4.67 |
| apache | httpd | — | — |
| apache_software_foundation | apache_http_server | 2.4.0 – 2.4.66 | — |
| httpd_2.4 | httpd | — | — |
| ubuntu | apache2 | — | — |