Red Hat Product Errata
RHSA-2026:21433 - Security Advisory

Issued: 2026-05-27
Updated: 2026-05-27

Synopsis
Important: httpd security update

Type/Severity
Security Advisory: Important

Topic
An update for httpd is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):
httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
BZ - 2464940 - CVE-2026-34059 httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()
BZ - 2464952 - CVE-2026-34032 httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
BZ - 2464953 - CVE-2026-33857 httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions
BZ - 2465299 - CVE-2026-33007 httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
BZ - 2466913 - CVE-2026-28780 Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

CVEs
CVE-2026-28780
CVE-2026-33007
CVE-2026-33857
CVE-2026-34032
CVE-2026-34059

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM: httpd-2.4.63-13.el10_2.1.src.rpm

This advisory addresses multiple vulnerabilities in the Apache HTTP Server's `mod_proxy_ajp` module, including heap-based buffer over-reads and memory disclosure issues, and a heap-based buffer overflow allowing arbitrary code execution. The most severe of these, CVE-2026-34059, carries a CVSS 3.1 score of 7.5 (High). Affected versions are Apache HTTP Server prior to version 2.4.67, and the fix is to upgrade to version 2.4.67.