Unauthorized Access in Apache Doris Administrative APIs
CVE-2026-58319
Currently unrated
What is CVE-2026-58319?
Certain administrative APIs in Apache Doris were found to be reachable without required authentication, allowing unauthenticated attackers with network access to perform unauthorized administrative tasks. Such access could compromise the integrity and availability of the cluster, potentially leading to instability or denial of service. To mitigate this risk, users are strongly encouraged to upgrade to Apache Doris version 3.1.0 or later.
Affected Version(s)
Apache Doris 2.1.0 < 3.1.0