Apache APISIX JWT Authentication Bypass, CVE-2026-39999 Vulnerability Report Apache APISIX JWT Authentication Bypass, CVE-2026-39999 Do Son July 8, 2026 0 TL;DR Apache APISIX 3.16.0 shipped a JWT algorithm confusion bug in its jwt-auth plugin. The flaw, tracked... Read More Read more about Apache APISIX JWT Authentication Bypass, CVE-2026-39999