PT-2026-50899 · Apache · Apache Apisix
Lokerxxx
·
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2026-49872
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Apisix