Critical Alert 4 Active Exploits Detected Today

CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability →
CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability →
CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability →
CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-39999NVD

Vulnerability Summary

Authentication Bypass by Spoofing vulnerability in Apache APISIX.

The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apache APISIX: from v2.2 through v3.16.0.

Users are recommended to upgrade to version v3.17.0, which fixes the issue.
Severity Level
UNKNOWN
Published Date
Jun 19, 2026
Last Modified
Jun 22, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
0.39%Probability
Root Weakness (CWE)
N/A