Unauthorized Access in Apache Doris Administrative APIs
CVE-2026-58319

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 July 2026

What is CVE-2026-58319?

Certain administrative APIs in Apache Doris were found to be reachable without required authentication, allowing unauthenticated attackers with network access to perform unauthorized administrative tasks. Such access could compromise the integrity and availability of the cluster, potentially leading to instability or denial of service. To mitigate this risk, users are strongly encouraged to upgrade to Apache Doris version 3.1.0 or later.

Affected Version(s)

Apache Doris 2.1.0 < 3.1.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Calvin Kirs, Security Researcher at SelectDB
.