<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 13 Jul 2026 05:12:25 +0000</lastBuildDate>
    <item>
      <title>047ff2a0-0a5c-46e5-bdae-3fede7ee3d72</title>
      <link>https://vulnerability.circl.lu/sighting/047ff2a0-0a5c-46e5-bdae-3fede7ee3d72/export</link>
      <description>{"uuid": "047ff2a0-0a5c-46e5-bdae-3fede7ee3d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mq54a74jv225", "content": "APISIX authentication bypass CVE-2026-39999 lets attackers forge JWTs via algorithm confusion. APISIX 3.16.0 is affected; upgrade to 3.16.1.\n\n#APISIX #ApacheAPISIX #JWT #AuthBypass #InfoSec", "creation_timestamp": "2026-07-08T12:21:35.302733Z"}</description>
      <content:encoded>{"uuid": "047ff2a0-0a5c-46e5-bdae-3fede7ee3d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mq54a74jv225", "content": "APISIX authentication bypass CVE-2026-39999 lets attackers forge JWTs via algorithm confusion. APISIX 3.16.0 is affected; upgrade to 3.16.1.\n\n#APISIX #ApacheAPISIX #JWT #AuthBypass #InfoSec", "creation_timestamp": "2026-07-08T12:21:35.302733Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/047ff2a0-0a5c-46e5-bdae-3fede7ee3d72/export</guid>
      <pubDate>Wed, 08 Jul 2026 12:21:35 +0000</pubDate>
    </item>
    <item>
      <title>744a9da8-f6b4-47d8-bc55-0cf4d127f910</title>
      <link>https://vulnerability.circl.lu/sighting/744a9da8-f6b4-47d8-bc55-0cf4d127f910/export</link>
      <description>{"uuid": "744a9da8-f6b4-47d8-bc55-0cf4d127f910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39998", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mpavgflvtw26", "content": "\ud83d\udea8 CVE-2026-39998: Luka w Apache APISIX pozwala na fa\u0142szowanie to\u017csamo\u015bci\n\nWykryto luk\u0119 w bramce API Apache APISIX z ocen\u0105 CVSS 8.8. B\u0142\u0105d w wersjach do 3.16.0 mo\u017ce pozwoli\u0107 na omini\u0119cie\n\nhttps://potatoowi.pl/cve-2026-39998-luka-w-apache-apisix-pozwala-na-faszowanie/\n\n#potatobezpieczenstwo", "creation_timestamp": "2026-06-27T07:05:13.710695Z"}</description>
      <content:encoded>{"uuid": "744a9da8-f6b4-47d8-bc55-0cf4d127f910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39998", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mpavgflvtw26", "content": "\ud83d\udea8 CVE-2026-39998: Luka w Apache APISIX pozwala na fa\u0142szowanie to\u017csamo\u015bci\n\nWykryto luk\u0119 w bramce API Apache APISIX z ocen\u0105 CVSS 8.8. B\u0142\u0105d w wersjach do 3.16.0 mo\u017ce pozwoli\u0107 na omini\u0119cie\n\nhttps://potatoowi.pl/cve-2026-39998-luka-w-apache-apisix-pozwala-na-faszowanie/\n\n#potatobezpieczenstwo", "creation_timestamp": "2026-06-27T07:05:13.710695Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/744a9da8-f6b4-47d8-bc55-0cf4d127f910/export</guid>
      <pubDate>Sat, 27 Jun 2026 07:05:13 +0000</pubDate>
    </item>
    <item>
      <title>94f6e3ad-b001-445c-8036-af57d4866118</title>
      <link>https://vulnerability.circl.lu/sighting/94f6e3ad-b001-445c-8036-af57d4866118/export</link>
      <description>{"uuid": "94f6e3ad-b001-445c-8036-af57d4866118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39998", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mpavgf4lom25", "content": "\ud83d\udea8 CVE-2026-39998: Luka w Apache APISIX pozwala na fa\u0142szowanie to\u017csamo\u015bci\n\nWykryto luk\u0119 w bramce API Apache APISIX z ocen\u0105 CVSS 8.8. B\u0142\u0105d w wersjach do 3.16.0 mo\u017ce pozwoli\u0107 na omini\u0119cie\n\nhttps://cyberowi.pl/cve-2026-39998-luka-w-apache-apisix-pozwala-na-faszowanie/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-06-27T07:05:13.211747Z"}</description>
      <content:encoded>{"uuid": "94f6e3ad-b001-445c-8036-af57d4866118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39998", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mpavgf4lom25", "content": "\ud83d\udea8 CVE-2026-39998: Luka w Apache APISIX pozwala na fa\u0142szowanie to\u017csamo\u015bci\n\nWykryto luk\u0119 w bramce API Apache APISIX z ocen\u0105 CVSS 8.8. B\u0142\u0105d w wersjach do 3.16.0 mo\u017ce pozwoli\u0107 na omini\u0119cie\n\nhttps://cyberowi.pl/cve-2026-39998-luka-w-apache-apisix-pozwala-na-faszowanie/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-06-27T07:05:13.211747Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/94f6e3ad-b001-445c-8036-af57d4866118/export</guid>
      <pubDate>Sat, 27 Jun 2026 07:05:13 +0000</pubDate>
    </item>
    <item>
      <title>95355836-0fe5-41be-8e13-8c99583d3f41</title>
      <link>https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export</link>
      <description>{"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8  ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"}</description>
      <content:encoded>{"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8  ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/95355836-0fe5-41be-8e13-8c99583d3f41/export</guid>
      <pubDate>Wed, 24 Jun 2026 01:02:23 +0000</pubDate>
    </item>
    <item>
      <title>1849d130-1b2b-405e-8f17-88ec023f2a22</title>
      <link>https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export</link>
      <description>{"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"}</description>
      <content:encoded>{"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1849d130-1b2b-405e-8f17-88ec023f2a22/export</guid>
      <pubDate>Sun, 21 Jun 2026 16:31:02 +0000</pubDate>
    </item>
    <item>
      <title>0088b078-9de0-4287-b080-5b1d8a0c5740</title>
      <link>https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export</link>
      <description>{"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"}</description>
      <content:encoded>{"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0088b078-9de0-4287-b080-5b1d8a0c5740/export</guid>
      <pubDate>Sun, 21 Jun 2026 15:33:01 +0000</pubDate>
    </item>
    <item>
      <title>050981e7-7766-4bc5-964b-7869731defc4</title>
      <link>https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export</link>
      <description>{"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"}</description>
      <content:encoded>{"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/050981e7-7766-4bc5-964b-7869731defc4/export</guid>
      <pubDate>Fri, 19 Jun 2026 14:25:06 +0000</pubDate>
    </item>
    <item>
      <title>bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a</title>
      <link>https://vulnerability.circl.lu/sighting/bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a/export</link>
      <description>{"uuid": "bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39998", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monjzwsif22r", "content": "CVE-2026-39998: Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup", "creation_timestamp": "2026-06-19T14:20:49.249264Z"}</description>
      <content:encoded>{"uuid": "bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39998", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monjzwsif22r", "content": "CVE-2026-39998: Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup", "creation_timestamp": "2026-06-19T14:20:49.249264Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a/export</guid>
      <pubDate>Fri, 19 Jun 2026 14:20:49 +0000</pubDate>
    </item>
  </channel>
</rss>
