CVE-2026-49872
Vulnerability Description
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-287
Source
NVD
Vendor
Apache Software Foundation
Product
Apache APISIX
Discussion (0)
Add Comment
No comments yet. Be the first!