Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2026/02/17 12:31 p.m.8 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: OSV:GHSA-C5W7-M8WF-XC77...

8.7CVSS7.4AI score0.0075EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/17 10:54 a.m.9 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: SNYK:JAVA-ORGAPACHENIFI-15304459...

8.7CVSS7.4AI score0.0075EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/17 9:54 a.m.3 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 9:54 a.m.38 views

CVE-2026-25903

Summary: CVE-2026-25903 affects Apache NiFi 1.1.0–2.7.2, where updating configuration properties on extension components with Restricted annotation permissions bypasses some authorization checks. This can allow a user with lower privileges to modify properties for components that require higher p...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder