Skip to main content

Apache Answer CVE-2026-33582

| EUVD-2026-35369 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-06-09 GHSA-v553-g2w6-295p
File Upload Apache
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
CVSS changed
Jun 09, 2026 - 16:22 NVD
6.5 (MEDIUM)
Analysis Generated
Jun 09, 2026 - 08:16 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

Articles & Coverage 1

News Critical DoS in Apache Answer 2.0.0 via Crafted TIFF Upload - CVE-2026-33582 Jun 09, 2026

AnalysisAI

Denial-of-service via crafted TIFF image upload in Apache Answer through 2.0.0 allows an authenticated user to crash the server process by triggering excessive memory allocation during image decoding. The vulnerability stems from improper handling of specially crafted TIFF files in the file upload feature, where no bounds are placed on memory consumed during the decode phase. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Apache Answer instance
Delivery
Upload crafted TIFF file via file upload feature
Exploit
Server decodes TIFF with no memory allocation cap
Execution
OOM condition exhausts server memory
Persist
Server process crashes
Impact
Platform unavailable (DoS)
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The file upload feature in Apache Answer must be accessible to the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS vector was provided, so quantitative scoring cannot be confirmed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on an Apache Answer instance running version 2.0.0 or earlier uploads a specially crafted TIFF file - for example, one with malformed image dimensions that direct the decoder to allocate gigabytes of memory. The server's image decoding process consumes all available memory, causing the Answer server process to crash and rendering the platform unavailable to all users until it is restarted. …
Remediation The primary fix is to upgrade Apache Answer to version 2.0.1, which resolves the excessive memory allocation issue during TIFF decoding. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Disable TIFF file uploads in Apache Answer 2.0.0 or implement strict file type allowlists; restrict upload permissions to essential users only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-33582 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy