PT-2026-57975 · Apache · Apache Doris
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-58319
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Doris versions prior to 3.1.0
Description
Certain HTTP REST administrative APIs in the Frontend (FE) were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, which may compromise cluster integrity and availability, leading to instability or a denial of service.
Recommendations
Upgrade to Apache Doris version 3.1.0 or later.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Doris