Severity: Affected versions:
- Apache APISIX 1.2.0 through 3.16.0 Description: Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through 3.16.0. Users are recommended to upgrade to version 3.16.1, which fixes the issue. Credit: Qi Deng (reporter) References: https://apisix.apache.org https://www.cve.org/CVERecord?id=CVE-2026-44046
