CVE Catalog

CVE-2026-47339

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile - higher than 14% of all known CVEs

Summary

CVE-2026-47339 in Apache APISIX has an incorrect authorization vulnerability that allows an attacker to authenticate using credentials from a different source. This issue affects versions from 2.14.1 through 3.16.0.

Risk Assessment

The organization may be exposed to unauthorized access to the system, potentially leading to data breaches or other serious security incidents.

Recommendation

It is recommended to upgrade to version 3.17.0, which fixes the issue.

Original NVD description (English source)

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS