CVE-2026-39998
Vulnerability Description
Improper Input Validation vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.
This issue affects Apache APISIX: from 2.12.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.
This issue affects Apache APISIX: from 2.12.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-20
Source
NVD
Vendor
Apache Software Foundation
Product
Apache APISIX
Discussion (0)
Add Comment
No comments yet. Be the first!