CVE-2026-31924 PUBLISHED

Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Assigner: apache
Reserved: 10.03.2026 Published: 14.04.2026 Updated: 14.04.2026

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.

tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0.

Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache APISIX
Versions Default: unaffected
  • affected from 2.99.0 to 3.15.0 (incl.)

Credits

  • Oleh Konko finder

References

Problem Types

  • CWE-319 Cleartext Transmission of Sensitive Information CWE