Vulnerability in Apache Software Foundation Nifi
CVE-2026-54665
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configu…
Affected products
- Apache Software Foundation Nifi — versions 0.0.1
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108