Sign-up

ID

VAR-202604-1847


CVE

CVE-2026-31924


DESCRIPTION

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Trust: 1.0

sources: NVD: CVE-2026-31924

AFFECTED PRODUCTS

vendor:apachemodel:apisixscope:ltversion:3.16.0

Trust: 1.0

vendor:apachemodel:apisixscope:gteversion:2.99.0

Trust: 1.0

sources: NVD: CVE-2026-31924

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-31924
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-31924
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-31924

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

sources: NVD: CVE-2026-31924

EXTERNAL IDS

db:OPENWALLid:OSS-SECURITY/2026/04/14/2

Trust: 1.0

db:NVDid:CVE-2026-31924

Trust: 1.0

sources: NVD: CVE-2026-31924

REFERENCES

url:https://lists.apache.org/thread/sqxjjlt87c1q28db28ztdxylm5pgwohq

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2026/04/14/2

Trust: 1.0

sources: NVD: CVE-2026-31924

SOURCES

db:NVDid:CVE-2026-31924

LAST UPDATE DATE

2026-04-18T23:28:34.184000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2026-31924date:2026-04-17T18:38:47.130

SOURCES RELEASE DATE

db:NVDid:CVE-2026-31924date:2026-04-14T09:16:35.953