Auth bypass in Apache Software Foundation NiFi
CVE-2026-44914
Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additiona…
Vulnerability class: Broken Access Control
Affected products
- Apache Software Foundation NiFi — versions 1.12.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)