Medium severity4.8NVD Advisory· Published May 4, 2026· Updated May 4, 2026
CVE-2026-33006
CVE-2026-33006
Description
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.openwall.com/lists/oss-security/2026/05/04/21nvdMailing ListThird Party Advisory
- httpd.apache.org/security/vulnerabilities_24.htmlnvdVendor Advisory
News mentions
2- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP ServerSecurityWeek · May 5, 2026