Cleartext Transmission Vulnerability in Apache APISIX by Apache
CVE-2026-31924

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Apisix
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-31924?

A vulnerability identified in Apache APISIX allows for the cleartext transmission of sensitive information through the tencent-cloud-cls log export using plaintext HTTP. This issue affects multiple versions of Apache APISIX, specifically those from 2.99.0 to 3.15.0. Users are strongly advised to upgrade to version 3.16.0 to mitigate this risk.

Affected Version(s)

Apache APISIX 2.99.0 <= 3.15.0

References

https://lists.apache.org/thread/sqxjjlt87c1q28db28ztdxylm...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 10, 2026

Credit

Oleh Konko

CVE-2026-31924 Data

JSON