Apache

Apisix

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.41%
  • Veröffentlicht 19.06.2026 13:07:50
  • Zuletzt bearbeitet 23.06.2026 15:08:22

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are re...

  • EPSS 0.28%
  • Veröffentlicht 19.06.2026 13:04:39
  • Zuletzt bearbeitet 23.06.2026 14:57:13

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended...

  • EPSS 0.25%
  • Veröffentlicht 14.04.2026 08:38:59
  • Zuletzt bearbeitet 17.04.2026 18:39:45

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. User...

  • EPSS 0.24%
  • Veröffentlicht 14.04.2026 08:08:05
  • Zuletzt bearbeitet 17.04.2026 18:38:47

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which...

  • EPSS 0.52%
  • Veröffentlicht 14.04.2026 08:06:18
  • Zuletzt bearbeitet 17.04.2026 18:40:12

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upg...

  • EPSS 0.43%
  • Veröffentlicht 31.10.2025 08:48:23
  • Zuletzt bearbeitet 05.11.2025 14:44:13

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has b...

  • EPSS 0.17%
  • Veröffentlicht 06.07.2025 06:15:21
  • Zuletzt bearbeitet 04.11.2025 22:16:08

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-pl...

  • EPSS 0.41%
  • Veröffentlicht 02.07.2025 11:08:47
  • Zuletzt bearbeitet 04.11.2025 22:16:15

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-conne...

  • EPSS 1.07%
  • Veröffentlicht 02.05.2024 10:15:08
  • Zuletzt bearbeitet 10.07.2025 16:00:20

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or ...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.