Skip to content

CVE lookup

CVE-2026-39999

Pruva has a verified reproduction for CVE-2026-39999: Apache APISIX jwt-auth authentication bypass via algorithm confusion. The canonical evidence record is REPRO-2026-00287.

REPRO

REPRO-2026-00287

Package

apache/apisix · github

Severity

CRITICAL

Status

published