CVE Catalog

CVE-2026-48895

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

The 'Open Redirect' vulnerability in Apache APISIX allows an attacker to manipulate client headers, potentially leading to redirection to an untrusted site and exposure of the session token.

Risk Assessment

The organization may be at risk of session theft, which could lead to unauthorized access to data.

Recommendation

Users are recommended to upgrade to version 3.17.0, which fixes the issue.

Original NVD description (English source)

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS