CVE-2026-49872
The CVE-2026-49872 entry concerns Apache APISIX and its cas-auth plugin. Affected versions are 3.0.0 through 3.16.0; the issue is an improper authentication flaw where, when cas-auth is used on a route, an attacker may authenticate using credentials from a different source. The public documentati...