CVE Vulnerabilities

CVE-2026-33523

DEPRECATED: HTTP response splitting

Published: May 04, 2026 | Modified: May 04, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.

This issue affects Apache HTTP Server: from through 2.4.66.

Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Weakness

This weakness can be found at CWE-113.

Affected Software

NameVendorStart VersionEnd Version
Http_serverApache2.4.0 (including)2.4.67 (excluding)
Red Hat Hardened ImagesRedHathttpd-main-2.4.67-1.hum1*
Apache2Ubuntudevel*
Apache2Ubuntuesm-infra/xenial*
Apache2Ubuntujammy*
Apache2Ubuntunoble*
Apache2Ubuntuquesting*
Apache2Ubunturesolute*
Apache2Ubuntuupstream*

References