CVE-2026-33523
published 2026-05-04CVE-2026-33523: HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: from through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.4.0 < 2.4.67 | 2.4.67 |
| apache | httpd | — | — |
| apache_software_foundation | apache_http_server | 2.4.0 – 2.4.66 | — |
| httpd_2.4 | httpd | — | — |
| ubuntu | apache2 | — | — |