CVE-2026-49871

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

CVE-2026-49872

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

CVE-2026-49872 Apache APISIX: Improper authentication in cas-auth plugin

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

com.100shouhou.golddata:golddata-spider (>=1.1.1 <=1.1.4), com.buession.cas:buession-cas-audit (>=2.0.0 <=2.3.2) +704 more potentially affected by CVE-2023-34620 via org.hjson:hjson (>=1.0.0 <=3.0.0)

org.hjson:hjson MAVEN version =1.0.0, =1.1.1, =2.0.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.0.0, =1.1.0, =2.3.0, =1.1.0, =2.3.0, =2.3.2 and more Source cves: CVE-2023-34620 Source advisory: OSV:GHSA-5WFC-HJRC-GQ87...