PT-2026-50885 · Apache · Apache Apisix

Lokerxxx

+1

·

Published

2026-06-19

·

Updated

2026-06-19

·

CVE-2026-44915

CVSS v4.0

2.1

Low

VectorAV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2026-44915

Affected Products

Apache Apisix