BIT-SOLR-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

CVE-2026-22444

The CVE-2026-22444 issue affects Apache Solr in standalone mode (versions 8.6–9.10.0) where the create core API performs inadequate input validation on certain API parameters. This can cause Solr to check and read file-system paths that should be blocked by the allowPaths setting, potentially all...

CVE-2026-22444

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

CVE-2026-22444

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...