CVE-2026-39999
Vulnerability Description
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apache APISIX: from v2.2 through v3.16.0.
Users are recommended to upgrade to version v3.17.0, which fixes the issue.
The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apache APISIX: from v2.2 through v3.16.0.
Users are recommended to upgrade to version v3.17.0, which fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-290
Source
NVD
Vendor
Apache Software Foundation
Product
Apache APISIX
Discussion (0)
Add Comment
No comments yet. Be the first!