Known Vulnerabilities for products from Apache

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apache".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-50076 json Not Provided 2026-06-04 2026-06-04
CVE-2026-49975 json Not Provided 2026-06-08 2026-06-08
CVE-2026-49361 json Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum f... Not Provided 2026-06-01 2026-06-01
CVE-2026-49328 json Not Provided 2026-06-01 2026-06-01
CVE-2026-49298 json A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API ... Not Provided 2026-06-01 2026-06-03
CVE-2026-49270 json Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ ... Not Provided 2026-06-01 2026-06-01
CVE-2026-49267 json Not Provided 2026-06-01 2026-06-02
CVE-2026-49157 json Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.... Not Provided 2026-06-01 2026-06-01
CVE-2026-48913 json Not Provided 2026-06-08 2026-06-08
CVE-2026-48827 json Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pac... Not Provided 2026-06-01 2026-06-01
CVE-2026-48726 json A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout ... Not Provided 2026-06-01 2026-06-03
CVE-2026-48589 json Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In aff... Not Provided 2026-05-25 2026-05-28
CVE-2026-47323 json Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy ... Not Provided 2026-05-19 2026-06-04
CVE-2026-46764 json The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by num... Not Provided 2026-06-01 2026-06-02
CVE-2026-46745 json Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attacker... Not Provided 2026-05-25 2026-05-27
CVE-2026-46718 json Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This iss... Not Provided 2026-06-02 2026-06-03
CVE-2026-46605 json Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to rem... Not Provided 2026-06-01 2026-06-01
CVE-2026-46586 json Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Cod... Not Provided 2026-05-19 2026-05-20
CVE-2026-45505 json Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... Not Provided 2026-06-01 2026-06-01
CVE-2026-45434 json Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This i... Not Provided 2026-05-19 2026-05-20
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Apache

Type Vendor Product Version
ApplicationApacheAccumulo1.10.0
ApplicationApacheActivemq-
ApplicationApacheActivemq Apollo1.0
ApplicationApacheActivemq Artemis-
ApplicationApacheAirflow0.1
ApplicationApacheAllura1.0.0
ApplicationApacheAmbari0.9
ApplicationApacheAmqp 0-x Jms Client6.0.3
ApplicationApacheAmqp Jms Client0.9.0
ApplicationApacheAnt1.1
ApplicationApacheApache-ssl1.37
ApplicationApacheApache Test-
ApplicationApacheApisix1.2
ApplicationApacheApr-util0.9.1
ApplicationApacheArchiva0.9
ApplicationApacheArrow0.1.0
ApplicationApacheAsterixdb-
ApplicationApacheAtlas0.5.0
ApplicationApacheAxis-
ApplicationApacheAxis2-
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report