CVE-2026-33582

6.5 MEDIUM

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer

Published: 2026-06-09 · Last updated: 2026-06-10

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-434

Affected products

Vendor	Product
apache	answer

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-33582
[Vendor advisory]https://lists.apache.org/thread/3sgpx4cwsgpnt66xv3cqvtc8z4st1kbq
[Other]http://www.openwall.com/lists/oss-security/2026/06/09/5

Related CVEs

Same vendor

CVE-2026-34905 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-34031 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
CVE-2026-25688 — Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer (6.1 MEDIUM)
CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)

Same CWE

CVE-2026-9067 — The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload ... (9.1 CRITICAL)
CVE-2026-36722 — An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute ... (5.4 MEDIUM)
CVE-2025-40808 — A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85... (6.1 MEDIUM)
CVE-2026-34031 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-11621 — A weakness has been identified in Dcat-Admin up to 2.2.3-beta (4.7 MEDIUM)