3 matches found
CVE-2026-49872
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...
PT-2026-50899
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...
PT-2026-50886
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.14.1 through 3.16.0 Description An incorrect authorization issue exists in the authz-casdoor plugin when using the default configuration. This allows an attacker to authenticate using credentials from a different sourc...