CVE-2026-47341
Vulnerability Description
Authentication Bypass by Capture-replay vulnerability in Apache APISIX.
Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry.
This issue affects Apache APISIX: from 3.11.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry.
This issue affects Apache APISIX: from 3.11.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-294
Source
NVD
Vendor
Apache Software Foundation
Product
Apache APISIX
Discussion (0)
Add Comment
No comments yet. Be the first!