Vulnerability in Apache Software Foundation Apisix
CVE-2026-31923
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3…
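A configuration audit for the setting described above, as an added example that is not code from the Apache APISIX project or the advisory. It assumes route objects have been exported as a plain JSON list; the route ids, URIs and discovery URL are constructed, and the hardened form assumes that explicitly setting `ssl_verify` to true is the intended configuration.

```python
import json

# Constructed sample: a simplified list of APISIX route objects
# (ids, URIs and the discovery URL are made up for this example).
SAMPLE_ROUTES = json.loads("""
[
  {"id": "r1", "uri": "/app/*", "plugins": {"openid-connect": {
      "client_id": "app",
      "discovery": "https://idp.example.test/.well-known/openid-configuration"}}},
  {"id": "r2", "uri": "/api/*", "plugins": {"openid-connect": {
      "client_id": "api",
      "discovery": "https://idp.example.test/.well-known/openid-configuration",
      "ssl_verify": false}}},
  {"id": "r3", "uri": "/admin/*", "plugins": {"openid-connect": {
      "client_id": "adm",
      "discovery": "https://idp.example.test/.well-known/openid-configuration",
      "ssl_verify": true}}},
  {"id": "r4", "uri": "/static/*", "plugins": {"limit-count": {"count": 10, "time_window": 60}}}
]
""")

PLUGIN = "openid-connect"

def audit_routes(routes):
    """Return (route_id, reason) for each openid-connect config that does not verify TLS."""
    findings = []
    for route in routes:
        conf = (route.get("plugins") or {}).get(PLUGIN)
        if conf is None:
            continue  # route does not use the plugin
        if "ssl_verify" not in conf:
            # An absent key is the risky case: the default applies silently.
            findings.append((route.get("id"), "ssl_verify unset, default (false) applies"))
        elif conf["ssl_verify"] is not True:
            findings.append((route.get("id"), "ssl_verify explicitly disabled"))
    return findings

def harden(routes):
    """Return a copy of the routes with ssl_verify set to true on every openid-connect config."""
    fixed = json.loads(json.dumps(routes))  # deep copy, leaves the input untouched
    for route in fixed:
        conf = (route.get("plugins") or {}).get(PLUGIN)
        if conf is not None:
            conf["ssl_verify"] = True
    return fixed

if __name__ == "__main__":
    for route_id, reason in audit_routes(SAMPLE_ROUTES):
        print(f"route {route_id}: {reason}")
```

The check treats a missing `ssl_verify` key the same as an explicit false, since the page attributes the issue to the default value.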
EPSS: 0.000 (14.3th percentile)
Affected products
- Apache Software Foundation Apisix — versions 0.7
Weakness classification (CWE)
References
- lists.apache.org/thread/0pjs72l7qj83j3srw1l1toyj24bsgkds (vendor-advisory)