169 matches found
CVE-2026-49231
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...
EUVD-2026-38020
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...
CVE-2026-49231
CVE-2026-49231 describes an authentication bypass via spoofed identity headers in the APISIX opa plugin. Affected software: Apache APISIX (versions 3.5.0–3.16.0). Root cause: spoofed headers accepted due to non-default plugin configuration, allowing an attacker to relay identities to an upstream ...
CVE-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...
PT-2026-50896
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.5.0 through 3.16.0. Description: An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...
CVE-2026-39821 affecting package opa for versions less than 0.63.0-4
CVE-2026-39821 affecting package opa for versions less than 0.63.0-4. A patched version of the package is available...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: dagger, rancher, skaffold, eksctl, kubescape, k8ssandra-client, cluster-api-helm-controller, kube-arangodb, scorecard, kots, docker, wolfictl, helm-mapkubeapis, kubescape-operator, trivy-operator, helm, helm-set-status, linkerd2, consul-k8s, teleport, k8sgpt, k9s, k3...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: wolfictl, chaos-mesh-fips, steampipe, kube-arangodb-fips, chartmuseum, gitlab-rails-ce-fips, kube-mgmt, docker-compose-fips, neuvector-scanner-fips, helm, gatekeeper, kubescape-operator, jfrog-cli, spegel-fips, tw, grype-db, buildkitd, skaffold-fips, xeol-fips,...
OPENSUSE-SU-2026:10755-1 opa-1.16.2-1.1 on GA media
These are all security issues fixed in the opa-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed...
actix-web-opentelemetry (>=0.2.0 <=0.17.0), ailake-file (>=0.0.8 <=0.0.10) +202 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)
thrift CARGO version =0.0.4, =0.2.0, =0.0.8, =0.0.6, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.34.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...
org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...
org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422548...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: dgraph, x509-certificate-exporter, opentelemetry-operator, cilium, crossplane-provider-azure-authorization, goreleaser, tailscale, cloud-sql-proxy, falcoctl, delve, scorecard, go-discover, slsa-verifier, terraform-provider-sendgrid, nuclei, k8s-device-plugin, tetrago...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: mods, q, tailscale, slsa-verifier, kyverno-notation-aws, local-static-provisioner, cloud-provider-azure, smokescreen, nri-discovery-kubernetes, minio-operator, modelmesh-runtime-adapter, external-dns, rancher-webhook, rancher-loglevel, go-licenses, ip-masq-agent, buf...
CVE-2025-11065 affecting package opa for versions less than 0.63.0-3
CVE-2025-11065 affecting package opa for versions less than 0.63.0-3. A patched version of the package is available...
CVE-2025-11065 affecting package opa for versions less than 0.63.0-6
CVE-2025-11065 affecting package opa for versions less than 0.63.0-6. A patched version of the package is available...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: sops, pulumi-language-java, terraform-provider-acme, wolfictl, crossplane-provider-aws-lambda-fips, fleet-server-fips, crossplane-provider-aws-ec2, kubo, splunk-otel-collector-fips, src, contour-fips, crossplane-provider-aws-firehose,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: sops, pulumi-language-java, terraform-provider-acme, wolfictl, crossplane-provider-aws-lambda-fips, fleet-server-fips, crossplane-provider-aws-ec2, kubo, splunk-otel-collector-fips, src, contour-fips, crossplane-provider-aws-firehose,...
CVE-2026-26205 vulnerabilities
Vulnerabilities for packages: opa-envoy...
GHSA-9F29-V6MM-PW6W vulnerabilities
Vulnerabilities for packages: opa-envoy...