PT-2026-60110 · Apollo · Apollo
Published
2026-07-13
·
Updated
2026-07-15
·
CVE-2026-59955
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apollo versions prior to 2.5.2
Description
Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled. This occurs because requests sent to the endpoint '/configfiles/raw/{appId}/{clusterName}/{namespace}' are parsed for authentication using the literal string "raw" as the
appId instead of the actual appId provided in the path. Consequently, ConfigService looks up AccessKey secrets for an application named "raw"; if no such application exists, the system may allow the request to proceed without signature verification, even if the target application has authentication enabled. An unauthenticated remote attacker can exploit this to read raw configuration data.Recommendations
Update to version 2.5.2.
Fix
RCE
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apollo