Medium severity6.5NVD Advisory· Published May 4, 2026· Updated May 4, 2026
CVE-2026-33523
CVE-2026-33523
Description
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: from through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.openwall.com/lists/oss-security/2026/05/04/23nvdMailing ListThird Party Advisory
- httpd.apache.org/security/vulnerabilities_24.htmlnvdVendor Advisory
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026