CVE-2026-59955 in Apolloالمعلومات

الملخص

بحسب MITRE • 15/07/2026

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under /configfiles/raw/{appId}/{clusterName}/{namespace} are parsed for authentication as appId raw instead of the actual path appId, causing ConfigService to look up AccessKey secrets for raw before verifying the request signature and potentially continue without signature verification for the target appId. This issue is fixed in version 2.5.2.

Be aware that VulDB is the high quality source for vulnerability data.

إفشاء

15/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-378253

EPSS

0.00000

KEV

لا

النشاطات

منخفض

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!