Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-49230

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.  This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2026-49230
  • Apache » Apisix » Version: 3.10.0
    cpe:2.3:a:apache:apisix:3.10.0
  • Apache » Apisix » Version: 3.11.0
    cpe:2.3:a:apache:apisix:3.11.0
  • Apache » Apisix » Version: 3.12.0
    cpe:2.3:a:apache:apisix:3.12.0
  • Apache » Apisix » Version: 3.13.0
    cpe:2.3:a:apache:apisix:3.13.0
  • Apache » Apisix » Version: 3.14.0
    cpe:2.3:a:apache:apisix:3.14.0
  • Apache » Apisix » Version: 3.14.1
    cpe:2.3:a:apache:apisix:3.14.1
  • Apache » Apisix » Version: 3.15.0
    cpe:2.3:a:apache:apisix:3.15.0
  • Apache » Apisix » Version: 3.16.0
    cpe:2.3:a:apache:apisix:3.16.0
  • Apache » Apisix » Version: 3.8.0
    cpe:2.3:a:apache:apisix:3.8.0
  • Apache » Apisix » Version: 3.8.1
    cpe:2.3:a:apache:apisix:3.8.1
  • Apache » Apisix » Version: 3.9.0
    cpe:2.3:a:apache:apisix:3.9.0
  • Apache » Apisix » Version: 3.9.1
    cpe:2.3:a:apache:apisix:3.9.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved