CVE-2026-33007

CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-476

Published May 4, 2026

Last update May 5, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Key dates

Disclosure timeline

May 4, 2026 CVE published

May 5, 2026 Record updated