CVE-2026-44046

UNKNOWN 0.0

Apache APISIX: wolf-rbac plugin Identity Spoofing

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.

CWE	CWE-348
Vendor	apache software foundation
Product	apache apisix
Published	Jun 19, 2026
Last Updated	Jun 19, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache apisix

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache apisix are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache APISIX

1.2.0 ≤ 3.16.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/xkshmps51b24yw0qckl5h5ddyv0x6qf9 openwall.com: http://www.openwall.com/lists/oss-security/2026/06/19/6

Credits

🔍 Qi Deng