PT-2026-50886 · Apache · Apache Apisix
Leon
·
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2026-47339
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
Incorrect Authorization vulnerability in Apache APISIX.
An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source.
This issue affects Apache APISIX: from 2.14.1 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Apisix