<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-27T09:56:22.846299+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <!-- One sighting record: type "seen" for CVE-2026-39999, referencing a post on bsky.app.
         The UUID is repeated in <id>, <title>, <link> and the JSON "uuid" field. -->
    <id>https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export</id>
    <title>050981e7-7766-4bc5-964b-7869731defc4</title>
    <!-- NOTE(review): this timestamp is within milliseconds of the feed-level <updated> and days
         later than <published>; it looks like the feed render time rather than a change to the
         sighting. Confirm before using it for ordering or deduplication; <published> matches
         the JSON "creation_timestamp". -->
    <updated>2026-06-27T09:56:22.871007+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <!-- No type attribute is set, so Atom consumers treat this as plain text. The payload is a
         JSON object serialized as a string and has to be parsed separately. The inner "content"
         and "source" values appear to come from a third-party post: handle them as untrusted
         input (escape before rendering, do not fetch the URL automatically). -->
    <content>{"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export"/>
    <published>2026-06-19T14:25:06.656181+00:00</published>
  </entry>
  <entry>
    <!-- One sighting record: type "seen" for CVE-2026-39999, referencing a post on bsky.app. -->
    <id>https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export</id>
    <title>0088b078-9de0-4287-b080-5b1d8a0c5740</title>
    <!-- NOTE(review): days later than <published> and close to the feed-level <updated>;
         presumably the feed render time. Confirm before relying on it for ordering. -->
    <updated>2026-06-27T09:56:22.870910+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <!-- JSON object serialized as text. The affected range (2.2 through 3.16.0), the fixed
         version (3.17.0) and the CVSS v4.0 score of 7.0 are statements made in the quoted post,
         not structured fields. Another sighting in this feed for the same CVE quotes 9.1 without
         naming a CVSS version, so confirm severity and fix version against the vendor advisory
         or the CVE record before prioritising. -->
    <content>{"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export"/>
    <published>2026-06-21T15:33:01.840719+00:00</published>
  </entry>
  <entry>
    <!-- One sighting record: type "seen" for CVE-2026-39999, referencing a post on bsky.app. -->
    <id>https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export</id>
    <title>1849d130-1b2b-405e-8f17-88ec023f2a22</title>
    <!-- NOTE(review): days later than <published> and close to the feed-level <updated>;
         presumably the feed render time. Confirm before relying on it for ordering. -->
    <updated>2026-06-27T09:56:22.870784+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <!-- JSON object serialized as text; "\n" is a JSON escape inside the quoted post text.
         The exposure estimate ("most deployments") is the poster's opinion. Treat the stated
         range 2.2 through 3.16.0 and the fix in 3.17.0 as unverified until checked against the
         vendor advisory, and inventory which gateways actually enable jwt-auth. -->
    <content>{"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export"/>
    <published>2026-06-21T16:31:02.195844+00:00</published>
  </entry>
  <entry>
    <!-- One sighting record: type "seen" for CVE-2026-39999, referencing a post on bsky.app. -->
    <id>https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export</id>
    <title>95355836-0fe5-41be-8e13-8c99583d3f41</title>
    <!-- NOTE(review): days later than <published> and close to the feed-level <updated>;
         presumably the feed render time. Confirm before relying on it for ordering. -->
    <updated>2026-06-27T09:56:22.868048+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <!-- JSON object serialized as text. "\ud83d\udea8" and "\ud83d\udccb" are JSON surrogate-pair
         escapes for emoji in the quoted post. The text stops mid-sentence ("Users are"), so the
         remediation part of the post is missing from this record. The "CVSS 9.1/10" figure names
         no CVSS version and differs from the v4.0 score of 7.0 quoted in another sighting for
         the same CVE; take severity from the vendor advisory or the CVE record, not from here. -->
    <content>{"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8  ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export"/>
    <published>2026-06-24T01:02:23.394080+00:00</published>
  </entry>
</feed>
