Apisix
This hub aggregates every CVE we track for Apisix, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 25
- Critical: 7
- High: 10
- In CISA KEV: 2
Severity distribution
- HIGH: 10
- MEDIUM: 8
- CRITICAL: 7
Monthly trend
Chart values, 2024-08 to 2026-07: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 1, 0, 0, 0, 0, 0, 3, 0, 12, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Apisix.
- CVE-2026-49872: Apache APISIX: Improper authentication in cas-auth plugin (8.1)
- CVE-2026-49871: Apache APISIX: cas-auth login CSRF / session injection issue (9.3)
- CVE-2026-47341: Apache APISIX: Session replay issue in hmac-auth (6.5)
- CVE-2026-48895: Apache APISIX: Cas-auth Host header influence on CAS service URL (7.2)
- CVE-2026-49231: Apache APISIX: Identity spoofing issue in APISIX opa plugin (5.4)
- CVE-2026-49230: Apache APISIX: Authentication bypass in jwe-decrypt (9.1)
- CVE-2026-44915: Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value (6.1)
- CVE-2026-44087: Apache APISIX: Openid-connect plugin Identity Header Spoofing (9.1)
- CVE-2026-47339: Apache APISIX: authz-casdoor incorrect session sharing (8.1)
- CVE-2026-44046: Apache APISIX: wolf-rbac plugin Identity Spoofing (5.8)
- CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass (9.1)
- CVE-2026-39998: Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup (8.8)
- CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default (7.5)
- CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP (5.3)
- CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection (9.1)
Product normalization is registry-driven with AI assist and human review.