CVE-2026-44911

UNKNOWN 0.0

Apache NiFi: Incorrect Authorization for Configuration Verification Requests

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined verification methods with alternative settings. Apache NiFi installations that do not implement different levels of authorization for viewing and modifying component configuration are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, requiring write access to submit configuration verification requests.

CWE	CWE-863
Vendor	apache software foundation
Product	apache nifi
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache nifi

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache nifi are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache NiFi

1.15.0 ≤ 2.9.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/wrj3t4k2bwd2cztyp078f5kj3722qfzy openwall.com: http://www.openwall.com/lists/oss-security/2026/06/20/4

Credits

Kaixuan Li from Nanyang Technological University