CVE-2026-31908
Vulnerability Description
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2.12.0 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2.12.0 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-75
Source
NVD
Vendor
Apache Software Foundation
Product
Apache APISIX
Discussion (0)
Add Comment
No comments yet. Be the first!