Lucene search
K

6 matches found

OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-49231

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

5.4CVSS0.00359EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:14 p.m.8 views

EUVD-2026-38020

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS5.9AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 1:14 p.m.29 views

CVE-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS0.00359EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:14 p.m.21 views

CVE-2026-49231

CVE-2026-49231 describes an authentication bypass via spoofed identity headers in the APISIX opa plugin. Affected software: Apache APISIX (versions 3.5.0–3.16.0). Root cause: spoofed headers accepted due to non-default plugin configuration, allowing an attacker to relay identities to an upstream ...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
Rows per page
Query Builder