PatchSiren cyber security CVE debrief
CVE-2026-33582 Apache CVE debrief
CVE-2026-33582 is an Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through version 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
- Vendor: Apache
- Product: Answer
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of Apache Answer through version 2.0.0 should be aware of this vulnerability and take action to upgrade to version 2.0.1.
Technical summary
The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness is classified as CWE-434.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to version 2.0.1 of Apache Answer.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found in the mailing list discussions at [ref-4] and [ref-5].
Official resources
- CVE-2026-33582 CVE record: CVE.org
- CVE-2026-33582 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Mailing List, Vendor Advisory
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
CVE-2026-33582 was published on 2026-06-09T09:16:29.187Z and modified on 2026-06-10T13:37:57.793Z.