Apache · Apache APISIX Dashboard · CVE-2021-45232
**Name of the Vulnerable Software and Affected Versions**
Apache APISIX Dashboard versions prior to 2.10.1
**Description**
The issue is in the Manager API of Apache APISIX Dashboard, which uses two frameworks, `gin` and `droplet`. All APIs and the authentication middleware are developed on the `droplet` framework, but some APIs directly use the interface of the `gin` framework and so bypass authentication. This allows a remote attacker to bypass the authentication procedure.
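The pattern described above, reduced to Go's standard `net/http` package as an added example (not APISIX Dashboard code): a wrapper layer stands in for `droplet`, the base mux stands in for `gin`, and the paths, header check and token value are hypothetical. The flawed router authenticates only handlers registered through the wrapper; the corrected one attaches the check at the base router.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireToken stands in for the auth middleware; the token is constructed.
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "demo-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func ok(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }

// flawedRouter applies auth per handler in the wrapper layer, so a route
// registered straight on the base mux never passes through it.
func flawedRouter() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/api/items", requireToken(http.HandlerFunc(ok))) // via wrapper
	mux.HandleFunc("/api/report", ok)                            // direct: no auth
	return mux
}

// fixedRouter applies auth at the base router, so the way a handler was
// registered no longer decides whether it is protected.
func fixedRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/items", ok)
	mux.HandleFunc("/api/report", ok)
	return requireToken(mux)
}

// statusWithoutCreds returns the status an unauthenticated GET receives.
func statusWithoutCreds(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	p := "/api/report"
	fmt.Println(statusWithoutCreds(flawedRouter(), p), statusWithoutCreds(fixedRouter(), p))
}
```

A check like `statusWithoutCreds`, run over every registered route in a test suite, catches a handler that was added outside the authenticated layer.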
**Recommendations**
Update Apache APISIX Dashboard to version 2.10.1 or later to resolve the issue. As a temporary workaround, restrict access to the Manager API to reduce the risk of exploitation. Avoid using the interface of the `gin` framework directly in APIs until the issue is resolved.