CVE Catalog

CVE-2026-33582

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

A vulnerability in Apache Answer allows unrestricted upload of files with dangerous types. A crafted TIFF image could trigger excessive memory allocation during image decoding, potentially causing the server process to crash.

Risk Assessment

The organization may experience server downtime due to crashes, impacting service availability. Authenticated users could exploit this vulnerability to destabilize the system.

Recommendation

It is recommended to upgrade to version 2.0.1, which fixes the issue. Additionally, consider implementing further security measures regarding file uploads.

Original NVD description (English source)

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS