๐Ÿ” CVE Alert

CVE-2026-57111

HIGH 7.5

Apache Helix REST: Permissive CORS Configuration in REST API Allows Unrestricted Cross-Origin

CVSS Score
7.5
EPSS Score
0.2%
EPSS Percentile
7th

Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.

CWE CWE-1385
Vendor apache software foundation
Product apache helix rest
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache helix rest

Be the first to know when new high vulnerabilities affecting apache software foundation apache helix rest are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Apache Software Foundation / Apache Helix REST
0 โ‰ค 2.0.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
lists.apache.org: https://lists.apache.org/thread/wy2yv90lvqzx46vkg35xrtfddffq9cfj openwall.com: http://www.openwall.com/lists/oss-security/2026/07/08/11

Credits

๐Ÿ” Aastha Aggarwal (https://github.com/Aastha2602)