Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/06/19 1:19 p.m.34 views

CVE-2026-49872 Apache APISIX: Improper authentication in cas-auth plugin

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

5.3CVSS0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:19 p.m.9 views

EUVD-2026-38026

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

5.3CVSS5.9AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:19 p.m.18 views

CVE-2026-49872

The CVE-2026-49872 entry concerns Apache APISIX and its cas-auth plugin. Affected versions are 3.0.0 through 3.16.0; the issue is an improper authentication flaw where, when cas-auth is used on a route, an attacker may authenticate using credentials from a different source. The public documentati...

8.1CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:18 p.m.38 views

CVE-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:18 p.m.12 views

EUVD-2026-38025

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS5.9AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:18 p.m.46 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:12 p.m.31 views

CVE-2026-44915 Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0,...

2.1CVSS0.004EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:12 p.m.25 views

CVE-2026-44915

CVE-2026-44915 is an Open Redirect vulnerability in Apache APISIX related to the cas-auth plugin in its default configuration. The issue affects Apache APISIX versions 3.0.0 through 3.16.0 and could enable phishing and credential theft. Apache recommends upgrading to version 3.17.0, which contain...

6.1CVSS5.8AI score0.004EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder