{"api_version":"1","generated_at":"2026-07-18T02:44:51+00:00","cve":"CVE-2026-59955","urls":{"html":"https://cve.report/CVE-2026-59955","api":"https://cve.report/api/cve/CVE-2026-59955.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-59955","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-59955"},"summary":{"title":"Apollo ConfigService access key authentication bypass via raw config file appId parsing","description":"Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under /configfiles/raw/{appId}/{clusterName}/{namespace} are parsed for authentication as appId raw instead of the actual path appId, causing ConfigService to look up AccessKey secrets for raw before verifying the request signature and potentially continue without signature verification for the target appId. This issue is fixed in version 2.5.2.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-15 17:16:51","updated_at":"2026-07-15 19:18:34"},"problem_types":["CWE-20","CWE-287","CWE-20 CWE-20: Improper Input Validation","CWE-287 CWE-287: Improper Authentication"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/apolloconfig/apollo/releases/tag/v2.5.2","name":"https://github.com/apolloconfig/apollo/releases/tag/v2.5.2","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/apolloconfig/apollo/commit/310809d557e01c6803051736cd525e333ffe00ec","name":"https://github.com/apolloconfig/apollo/commit/310809d557e01c6803051736cd525e333ffe00ec","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/apolloconfig/apollo/security/advisories/GHSA-h4pc-58cc-hc95","name":"https://github.com/apolloconfig/apollo/security/advisories/GHSA-h4pc-58cc-hc95","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-59955","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59955","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"apolloconfig","product":"apollo","version":"affected < 2.5.2","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"59955","cve":"CVE-2026-59955","epss":"0.005490000","percentile":"0.422810000","score_date":"2026-07-17","updated_at":"2026-07-18 00:07:22"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-59955","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-15T18:11:33.382651Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-15T18:11:39.238Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"apollo","vendor":"apolloconfig","versions":[{"status":"affected","version":"< 2.5.2"}]}],"descriptions":[{"lang":"en","value":"Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under /configfiles/raw/{appId}/{clusterName}/{namespace} are parsed for authentication as appId raw instead of the actual path appId, causing ConfigService to look up AccessKey secrets for raw before verifying the request signature and potentially continue without signature verification for the target appId. This issue is fixed in version 2.5.2."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20: Improper Input Validation","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-287","description":"CWE-287: Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-15T16:26:05.005Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/apolloconfig/apollo/security/advisories/GHSA-h4pc-58cc-hc95","tags":["x_refsource_CONFIRM"],"url":"https://github.com/apolloconfig/apollo/security/advisories/GHSA-h4pc-58cc-hc95"},{"name":"https://github.com/apolloconfig/apollo/commit/310809d557e01c6803051736cd525e333ffe00ec","tags":["x_refsource_MISC"],"url":"https://github.com/apolloconfig/apollo/commit/310809d557e01c6803051736cd525e333ffe00ec"},{"name":"https://github.com/apolloconfig/apollo/releases/tag/v2.5.2","tags":["x_refsource_MISC"],"url":"https://github.com/apolloconfig/apollo/releases/tag/v2.5.2"}],"source":{"advisory":"GHSA-h4pc-58cc-hc95","discovery":"UNKNOWN"},"title":"Apollo ConfigService access key authentication bypass via raw config file appId parsing"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-59955","datePublished":"2026-07-15T16:26:05.005Z","dateReserved":"2026-07-07T18:49:15.607Z","dateUpdated":"2026-07-15T18:11:39.238Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-15 17:16:51","lastModifiedDate":"2026-07-15 19:18:34","problem_types":["CWE-20","CWE-287","CWE-20 CWE-20: Improper Input Validation","CWE-287 CWE-287: Improper Authentication"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T18:11:33.382651Z","id":"CVE-2026-59955","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"59955","Ordinal":"1","Title":"Apollo ConfigService access key authentication bypass via raw co","CVE":"CVE-2026-59955","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"59955","Ordinal":"1","NoteData":"Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under /configfiles/raw/{appId}/{clusterName}/{namespace} are parsed for authentication as appId raw instead of the actual path appId, causing ConfigService to look up AccessKey secrets for raw before verifying the request signature and potentially continue without signature verification for the target appId. This issue is fixed in version 2.5.2.","Type":"Description","Title":"Apollo ConfigService access key authentication bypass via raw co"}]}}}