PT-2026-60110 · Apollo · Apollo

Published

2026-07-13

·

Updated

2026-07-15

·

CVE-2026-59955

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apollo versions prior to 2.5.2
Description Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled. This occurs because requests sent to the endpoint '/configfiles/raw/{appId}/{clusterName}/{namespace}' are parsed for authentication using the literal string "raw" as the appId instead of the actual appId provided in the path. Consequently, ConfigService looks up AccessKey secrets for an application named "raw"; if no such application exists, the system may allow the request to proceed without signature verification, even if the target application has authentication enabled. An unauthenticated remote attacker can exploit this to read raw configuration data.
Recommendations Update to version 2.5.2.

Fix

RCE

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59955
GHSA-H4PC-58CC-HC95

Affected Products

Apollo