CSRF in Apache Software Foundation Apisix
CVE-2026-49871
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker who manages to send a victim to a webpage they control to cause the victim's browser to beco…
Vulnerability class: CSRF (Cross-Site Request Forgery)
Affected products
- Apache Software Foundation Apisix — versions 3.0.0
Weakness classification (CWE)