Lucene search
K

262 matches found

OSV
OSV
added 2026/04/16 11:36 p.m.2 views

BIT-APISIX-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.7AI score0.00521EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.6 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References1
NVD
NVD
added 2026/04/14 9:16 a.m.18 views

CVE-2026-31924

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.3CVSS0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 9:16 a.m.4 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS0.00521EPSS
Exploits1References2
NVD
NVD
added 2026/04/14 9:16 a.m.5 views

CVE-2026-31923

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

7.5CVSS0.0025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:38 a.m.2 views

CVE-2026-31923

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 8:38 a.m.34 views

CVE-2026-31923 Apache APISIX: Openid-connect `tls_verify` field is disabled by default

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 8:38 a.m.12 views

EUVD-2026-22239

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 8:38 a.m.28 views

CVE-2026-31923

CVE-2026-31923 affects Apache APISIX (0.7–3.15.0) due to openid-connect plugin tls_verify/ssl_verify being disabled by default, enabling cleartext transmission of sensitive information. The CVSSv3.1 base score is 7.5 (Network attack, Low attack complexity, no privileges or user interaction, Confi...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 8:38 a.m.1 views

CVE-2026-31923 Apache APISIX: Openid-connect `tls_verify` field is disabled by default

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

5.8AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 8:8 a.m.5 views

EUVD-2026-22227

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:8 a.m.2 views

CVE-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 8:8 a.m.27 views

CVE-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 8:8 a.m.13 views

CVE-2026-31924

Summary: CVE-2026-31924 affects Apache APISIX due to cleartext transmission of sensitive information in the tencent-cloud-cls log export feature. Affected versions are 2.99.0 through 3.15.0. The issue enables plaintext HTTP exposure for logs/telemetry as described in connected advisories. Impact ...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:8 a.m.8 views

CVE-2026-31924

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00238EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/14 8:6 a.m.4 views

EUVD-2026-22225

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:6 a.m.5 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 8:6 a.m.26 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00521EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:6 a.m.2 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
CVE
CVE
added 2026/04/14 8:6 a.m.30 views

CVE-2026-31908

Apache APISIX (forward-auth plugin) is affected by a header injection vulnerability (CVE-2026-31908) tracked across multiple feeds. Affects versions 2.12.0 through 3.15.0; exploitation arises from improper sanitization of CRLF sequences in the forward-auth plugin, enabling injection of HTTP heade...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder