Vulnerability in Apache Software Foundation Shiro
CVE-2026-56091
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://www.cve.org/CVERecord?id=CVE-2020-1957 https://www…
EPSS: 0.004 (33.8th percentile)
Affected products
- Apache Software Foundation Shiro — versions 0, 3.0.0-alpha-0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)