PatchSiren cyber security CVE debrief
CVE-2026-44046 Apache Software Foundation CVE debrief
CVE-2026-44046 is a low-severity vulnerability in Apache APISIX, affecting versions from 1.2.0 through 3.16.0. The issue allows attackers to potentially pollute logs with spoofed identity information and exploit IP-based access control rules using the wolf-rbac plugin under default configuration. Defenders should assess their exposure and prioritize upgrading to version 3.17.0, which fixes the issue. The vulnerability has a CVSS score of 2.3 and is considered low severity.
- Vendor: Apache Software Foundation
- Product: Apache APISIX
- CVSS: LOW 2.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-19
- Original CVE updated: 2026-06-22
- Advisory published: 2026-06-19
- Advisory updated: 2026-06-22
Who should care
Defenders responsible for Apache APISIX instances, particularly those using versions between 1.2.0 and 3.16.0, should assess their exposure and take action. This includes reviewing current configurations, especially the wolf-rbac plugin, and planning an upgrade to version 3.17.0. Security teams and administrators managing API gateways should prioritize this vulnerability due to its potential impact on log integrity and access control.
Technical summary
The vulnerability, CVE-2026-44046, stems from Apache APISIX relying on a less trusted source. Specifically, the wolf-rbac plugin under default configuration allows an attacker to potentially pollute logs with spoofed identity information, which could in turn be used to exploit IP-based access control rules. The issue affects Apache APISIX versions from 1.2.0 through 3.16.0. The CVSS base score is 2.3, indicating low severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Low-severity vulnerability; prioritize based on exposure and on the potential impact on log integrity and access control.
Recommended defensive actions
- Inventory Apache APISIX instances to identify those running vulnerable versions (1.2.0 through 3.16.0).
- Review current configurations, especially the wolf-rbac plugin, to assess potential exposure.
- Plan and execute an upgrade to Apache APISIX version 3.17.0.
- Monitor logs for potential spoofed identity information.
- Verify IP-based access control rules are not being exploited.
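The inventory step above comes down to deciding, for each instance, whether its version lies in the affected range 1.2.0 through 3.16.0 (fixed in 3.17.0). The helper below is an added example, not part of the advisory or of the APISIX project; it compares versions as integer tuples rather than strings, because "3.9.0" sorts after "3.16.0" as text, and the hostnames in the sample inventory are constructed.

```python
# Added example: triage an Apache APISIX inventory against the affected
# range stated for CVE-2026-44046 (1.2.0 through 3.16.0, fixed in 3.17.0).
import re

AFFECTED_MIN = (1, 2, 0)
AFFECTED_MAX = (3, 16, 0)
FIXED = (3, 17, 0)

# Accepts "x.y.z", optionally with a "v" prefix or a "-rc1"/"+build" suffix.
# A suffix is ignored, so a pre-release is judged as its base version.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Turn a version string into an integer tuple for numeric comparison."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized APISIX version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True when the version falls in the inclusive affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory):
    """Given {instance_name: version}, return names needing the 3.17.0 upgrade."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "gw-prod-01": "3.16.0",   # last affected release
    "gw-prod-02": "3.17.0",   # fixed release
    "gw-stage-01": "3.9.0",   # affected; string comparison would miss this
    "gw-legacy-01": "1.1.0",  # below the affected range
}

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: {SAMPLE_INVENTORY[name]} is affected; upgrade to 3.17.0")
```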
Evidence notes
The primary evidence for this vulnerability comes from the CVE record and the NVD detail page. The vulnerability affects Apache APISIX versions from 1.2.0 through 3.16.0. Defenders should verify the version of Apache APISIX in use and review the wolf-rbac plugin configuration. The CVSS base score is 2.3, indicating low severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Official resources
- CVE-2026-44046 CVE record (CVE.org)
- CVE-2026-44046 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: af854a3a-2127-422b-91ae-364da2661108
This article is AI-assisted and based on the supplied source corpus.