Auth bypass in Apache Software Foundation Nifi
CVE-2026-44911
Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuratio…
Vulnerability class: Broken Access Control
Affected products
- Apache Software Foundation Nifi — versions 1.15.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108