https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 27 Jun 2026 07:31:38 +0000 https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export {"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"} {"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"} https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export Fri, 19 Jun 2026 14:25:06 +0000 https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export {"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"} {"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"} https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export Sun, 21 Jun 2026 15:33:01 +0000 https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export {"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"} {"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"} https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export Sun, 21 Jun 2026 16:31:02 +0000 https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export {"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8 ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"} {"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8 ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"} https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export Wed, 24 Jun 2026 01:02:23 +0000