ALAS2023-2026-1562

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1562
Advisory Released Date: 2026-04-13
Advisory Updated Date: 2026-04-13

Severity: Medium

References: CVE-2026-33691
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Whitespace padding in filenames bypasses file upload extension checks

NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w (CVE-2026-33691)

Affected Packages:

mod_security_crs

Issue Correction:
Run dnf update mod_security_crs --releasever 2023.11.20260413 or dnf update --advisory ALAS2023-2026-1562 --releasever 2023.11.20260413 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

noarch:
    mod_security_crs-4.2.0-1.amzn2023.0.3.noarch

src:
    mod_security_crs-4.2.0-1.amzn2023.0.3.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-33691

Mitre: CVE-2026-33691