CVE-2026-31923 | Apache APISIX up to 3.14.x Openid-connect tls_verify cleartext transmission

A vulnerability described as problematic has been identified in Apache APISIX up to 3.14.x. Affected by this issue is some unknown functionality of the component Openid-connect. Executing a manipulation of the argument tls_verify can lead to cleartext transmission of sensitive information.

This vulnerability is tracked as CVE-2026-31923. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More