Unauthorized Access Vulnerability in Apollo ConfigService by Apollo
CVE-2026-59955
7.5HIGH
What is CVE-2026-59955?
Apollo ConfigService, a widely used configuration management system for microservices, has a vulnerability that may allow unauthorized access to sensitive configuration data when AccessKey or management key authentication is turned on. Specifically, before version 2.5.2, the service incorrectly parsed requests for raw configuration files, permitting requests to bypass proper signature verification. As a result, attackers could potentially access sensitive information without the necessary permissions. This issue has been resolved in version 2.5.2, emphasizing the importance of updating to secure deployments.
Affected Version(s)
apollo < 2.5.2
