PT-2026-57975 · Apache · Apache Doris

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-58319

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apache Doris versions prior to 3.1.0
Description Certain HTTP REST administrative APIs in the Frontend (FE) were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, which may compromise cluster integrity and availability, leading to instability or a denial of service.
Recommendations Upgrade to Apache Doris version 3.1.0 or later.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58319

Affected Products

Apache Doris