CVE-2026-49231 | Apache APISIX up to 3.16.0 Upstream Service authentication spoofing

June 19, 2026 Yanac

A vulnerability classified as critical was found in Apache APISIX up to 3.16.0. Affected by this vulnerability is an unknown functionality of the component Upstream Service. The manipulation results in authentication bypass by spoofing.

This vulnerability is reported as CVE-2026-49231. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More