Vulnerability in Apache Software Foundation Shiro
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If stat…
EPSS: 0.001 (27.5th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Shiro — versions 0
Weakness classification (CWE)
References
- lists.apache.org/thread/5jjf0hnjcol58z2m5y255c7scz1lnp8k (vendor-advisory)