Improper input validation in Apache Software Foundation Apisix
CVE-2026-39998
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Apache Software Foundation Apisix — versions 2.12.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108