CVE-2026-33467 — Improper Verification of Cryptographic Signature (CWE-347)
CVE-2026-33467 — Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity che
What This Means For You
- If your environment is affected by CWE-347, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-33467 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-33467 - Tampered Elastic Package Registry Package Download
title: CVE-2026-33467 - Tampered Elastic Package Registry Package Download
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
This rule detects potential exploitation of CVE-2026-33467 by identifying requests to the Elastic Package Registry API that are likely attempting to download a package. The vulnerability allows an attacker to substitute a tampered package if they can intercept network traffic or influence the self-hosted registry. This detection focuses on the download endpoint and looks for common query parameters associated with package retrieval, indicating an attempt to fetch a package that might be tampered with.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-33467/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/api/registry/v1/packages/'
sc-status:
- 200
cs-method:
- 'GET'
selection_tampered_package:
cs-uri-query|contains:
- 'version=' # Heuristic: look for version parameter, though exact exploit might vary
condition: selection AND selection_tampered_package
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33467 | vulnerability | CVE-2026-33467 |
| CWE-347 | weakness | CWE-347 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 01:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansion
CVE-2026-42167 — mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER...
CVE-2026-7319: Path Traversal in elinsky execution-system-mcp Poses Remote Risk
CVE-2026-7319 — A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component...
CVE-2026-7318 — Elie Mcp-Project Path Traversal
CVE-2026-7318 — A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the...