CVE-2025-48977

UNKNOWN 0.0

Apache Ignite: REST HTTP arbitrary file read vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

14th

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.

CWE	CWE-23
Vendor	apache software foundation
Product	apache ignite
Published	May 28, 2026
Last Updated	May 28, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache ignite

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache ignite are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Ignite

2.0.0 ≤ 2.17.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx81t4n1 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/28/3