{"vulnerability": "cve-2026-3999", "sightings": [{"uuid": "bf0d4a0b-d0d5-4ee0-80aa-82a55c89a27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39998", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monjzwsif22r", "content": "CVE-2026-39998: Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup", "creation_timestamp": "2026-06-19T14:20:49.249264Z"}, {"uuid": "050981e7-7766-4bc5-964b-7869731defc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monkbmgnwz2z", "content": "CVE-2026-39999: Apache APISIX: JWT Algorithm Confusion allows authentication bypass", "creation_timestamp": "2026-06-19T14:25:06.656181Z"}, {"uuid": "0088b078-9de0-4287-b080-5b1d8a0c5740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mosoyvi5jr2z", "content": "Apache APISIX fixed CVE-2026-39999, an authentication-bypass-by-spoofing in the jwt-auth plugin spanning versions 2.2 through 3.16.0. Upgrade to 3.17.0 to close it; the advisory claims a CVSS v4.0 score of 7.0. Is jwt-auth your only gateway authentication layer?\n#security", "creation_timestamp": "2026-06-21T15:33:01.840719Z"}, {"uuid": "1849d130-1b2b-405e-8f17-88ec023f2a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mossamtmun2y", "content": "If your stack runs Apache APISIX with jwt-auth, CVE-2026-39999 affects versions 2.2 through 3.16.0, which is most deployments out there. An attacker could bypass authentication by spoofing. 3.17.0 fixes it. When did you last audit which gateway plugins are exposed?\n#APISIX", "creation_timestamp": "2026-06-21T16:31:02.195844Z"}, {"uuid": "95355836-0fe5-41be-8e13-8c99583d3f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39999", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moypqtpijw24", "content": "\ud83d\udea8  ALERT: CVE-2026-39999\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nAuthentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are", "creation_timestamp": "2026-06-24T01:02:23.394080Z"}]}