Unauthorized Access Vulnerability in Apollo ConfigService by Apollo
CVE-2026-59955

7.5HIGH

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-59955?

Apollo ConfigService, a widely used configuration management system for microservices, has a vulnerability that may allow unauthorized access to sensitive configuration data when AccessKey or management key authentication is turned on. Specifically, before version 2.5.2, the service incorrectly parsed requests for raw configuration files, permitting requests to bypass proper signature verification. As a result, attackers could potentially access sensitive information without the necessary permissions. This issue has been resolved in version 2.5.2, emphasizing the importance of updating to secure deployments.

Affected Version(s)

apollo < 2.5.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.