Lucene search
+L

4 matches found

OSV
OSV
added 2 days ago5 views

CVE-2026-59954 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 10:16 p.m.15 views

CVE-2026-49869

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath.endsWith"/configs" to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match...

10CVSS0.00684EPSS
Exploits2References1
NVD
NVD
added 2026/06/26 10:16 p.m.14 views

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS0.00472EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52984

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description The authentication filter for the REST API endpoint /api/v1/ incorrectly treats any request path ending in /configs as a public instance-config endpoint, allowing it t...

10CVSS5.8AI score0.00472EPSS
Exploits2References12
Rows per page
Query Builder