ReportizFlow
Filtered by vendor Apache Software Foundation
Subscriptions
Filtered by product Apache Apisix
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49871 | 1 Apache Software Foundation | 1 Apache Apisix | 2026-06-19 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim takes upstream are then attributed to attackers identity. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue. | ||||
Page 1 of 1.