Apache · Apache Apisix Dashboard · CVE-2021-33190
**Name of the Vulnerable Software and Affected Versions**
Apache APISIX Dashboard version 2.6
**Description**
Three factors combine to create the issue. First, version 2.6 changed the default listen host to 0.0.0.0 so that the Dashboard could be reached from outside the host, which exposes the management API to any network the machine is attached to. Second, the IP allowed list restriction obtains the client address through a risky function: it derives the address from request content that a remote client can influence (for example proxy-style forwarded-address headers) rather than from the connection's peer address, so a client outside the allowed list can present itself as an allowed address and bypass the network limit. Third, the account and password are fixed defaults, so once the network limit is bypassed, an attacker who knows the defaults can authenticate to the Dashboard and, through it, administer the gateway.
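The following Go program is an added illustration of the allow-list bypass pattern described above; it is not the Dashboard's own code, and it assumes that the risky acquisition trusts forwarded-address headers (`X-Forwarded-For`, `X-Real-IP`) before the socket peer, which is the common way this mistake is made. It places the header-based extraction next to a hardened variant that uses only `RemoteAddr`, and runs both against one constructed request from an external peer that claims to be `127.0.0.1`. The host name, addresses and allow list are all made up for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// clientIPFromHeaders mirrors the risky pattern: trust proxy headers first
// and fall back to the socket peer. Any client can set these headers, so the
// returned address is attacker-controlled whenever no trusted proxy sits in front.
func clientIPFromHeaders(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		// Take the first hop, as a proxy chain would have recorded it.
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	if xr := r.Header.Get("X-Real-IP"); xr != "" {
		return strings.TrimSpace(xr)
	}
	return peerIP(r)
}

// peerIP is the hardened variant: only the TCP peer address, which the
// remote client cannot choose.
func peerIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// allowed reports whether ip matches any allow-list entry, given as a single
// address or a CIDR range. Unparseable input is denied.
func allowed(ip string, allowList []string) bool {
	parsed := net.ParseIP(ip)
	if parsed == nil {
		return false
	}
	for _, entry := range allowList {
		if strings.Contains(entry, "/") {
			if _, cidr, err := net.ParseCIDR(entry); err == nil && cidr.Contains(parsed) {
				return true
			}
			continue
		}
		if want := net.ParseIP(entry); want != nil && want.Equal(parsed) {
			return true
		}
	}
	return false
}

// Decision records how each extraction strategy treats one request.
type Decision struct {
	HeaderBased bool // allow-list result when the IP comes from headers
	PeerBased   bool // allow-list result when the IP comes from RemoteAddr
}

// Evaluate runs both strategies against the same request and allow list.
func Evaluate(r *http.Request, allowList []string) Decision {
	return Decision{
		HeaderBased: allowed(clientIPFromHeaders(r), allowList),
		PeerBased:   allowed(peerIP(r), allowList),
	}
}

// ForgedRequest builds a constructed sample request (not captured traffic):
// the TCP peer is an external address, but the header claims to be loopback.
func ForgedRequest() *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://dashboard.example:9000/apisix/admin/routes", nil)
	r.RemoteAddr = "203.0.113.9:51234"
	r.Header.Set("X-Forwarded-For", "127.0.0.1")
	return r
}

func main() {
	allowList := []string{"127.0.0.1", "10.0.0.0/8"} // constructed allow list
	d := Evaluate(ForgedRequest(), allowList)
	fmt.Printf("header-based check allows external peer: %v\n", d.HeaderBased)
	fmt.Printf("peer-based check allows external peer:   %v\n", d.PeerBased)
}
```

The header-based path admits the forged request because the allow list is compared against a value the client wrote; the peer-based path denies it. The caveat for the hardened form is that behind a reverse proxy `RemoteAddr` is the proxy's address, so the allow list then has to be enforced at the proxy (or the headers trusted only from that proxy's address), never by reading forwarded headers from arbitrary peers.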
**Recommendations**
Users of Apache APISIX Dashboard 2.6 should upgrade to 2.6.1, which fixes the issue. Until the upgrade can be applied, do not rely on the IP allowed list as the only network control: set the listen host back to a loopback or internal address, or restrict reachability of the Dashboard port with a host or network firewall so that only trusted management hosts can connect. Independently of the network limit, replace the fixed default account credentials with a unique strong password, since the default is what turns a bypassed network restriction into full administrative access.