CVE-2025-59060 PUBLISHED

Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Assigner: apache
Reserved: 08.09.2025 Published: 03.03.2026 Updated: 03.03.2026

A hostname verification bypass in the Apache Ranger NiFiRegistryClient/NiFiClient has been reported in Apache Ranger versions <= 2.7.0.

Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Product Status

Vendor Apache Software Foundation
Product Apache Ranger
Versions Default: unaffected
  • affected from 0 to 2.7.0 (incl.)

Credits

  • Nikita Markevich <markevich.nikita1@gmail.com> (finder)

Problem Types

  • CWE-297: Improper Validation of Certificate with Host Mismatch