CVE-2026-47339
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
CVE-2026-47339 in Apache APISIX has an incorrect authorization vulnerability that allows an attacker to authenticate using credentials from a different source. This issue affects versions from 2.14.1 through 3.16.0.
Risk Assessment
The organization may be exposed to unauthorized access to the system, potentially leading to data breaches or other serious security incidents.
Recommendation
It is recommended to upgrade to version 3.17.0, which fixes the issue.
Original NVD description (English source)
Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.

