{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31924", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-03-10T12:14:05.125Z", "datePublished": "2026-04-14T08:08:05.615Z", "dateUpdated": "2026-04-14T19:51:55.994Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache APISIX", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "3.15.0", "status": "affected", "version": "2.99.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Oleh Konko"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.</p>tencent-cloud-cls log export uses plaintext HTTP<br><p>This issue affects Apache APISIX: from 2.99.0 through 3.15.0.</p><p>Users are recommended to upgrade to version 3.16.0, which fixes the issue.</p>"}], "value": "Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.\n\ntencent-cloud-cls log export uses plaintext HTTP\nThis issue affects Apache APISIX: from 2.99.0 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-14T08:08:05.615Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/sqxjjlt87c1q28db28ztdxylm5pgwohq"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/14/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-14T08:37:18.355Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T19:51:31.208191Z", "id": "CVE-2026-31924", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:51:55.994Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.\n\ntencent-cloud-cls log export uses plaintext HTTP\nThis issue affects Apache APISIX: from 2.99.0 through 3.15.0.\n\nUsers are recommended to upgrade to version 3.16.0, which fixes the issue."}], "id": "CVE-2026-31924", "lastModified": "2026-04-14T20:16:38.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T09:16:35.953", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/sqxjjlt87c1q28db28ztdxylm5pgwohq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/14/2"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.99.0,3.15.0]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache APISIX", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "apisix", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-14T09:20:45.697160+00:00", "value": {"mitigation_remediation": ["Upgrade Apache APISIX to version 3.16.0 or later.", "Verify the tencent-cloud-cls plugin is configured to use HTTPS for log export.", "Monitor network traffic for any plaintext log transmission anomalies."], "summary": {"action": "Upgrade", "impact": "Sensitive information transmitted in cleartext"}, "threat_synthesis": {"affected_systems": "Systems running Apache APISIX versions 2.99.0 through 3.15.0 are affected. These versions include the default configuration of the tencent-cloud-cls plugin and are distributed by the Apache Software Foundation. Upgrading to 3.16.0 removes the insecure HTTP transport and implements secure logging.", "description_and_impact": "Apache APISIX\u2019s tencent-cloud-cls plugin transmits log data over plain text HTTP, which allows an adversary to intercept and read any sensitive information contained within the logs. This clear\u2011text data transfer is a classic CWE\u2011319 vulnerability that exposes confidentiality information without permitting code execution or denial of service. An attacker who can observe the network between APISIX and the CLS endpoint can capture log payloads, potentially revealing user data or diagnostic details.", "risk_and_exploitability": "Because the flaw relies on plain HTTP transmission, any network path that an attacker can monitor\u2014such as an internal network or a compromised router\u2014can be used to capture logs. There is no known authentication bypass required to exploit the flaw; the attack requires simply observing traffic. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting a moderate exploitation risk, but the exposure of potentially sensitive log records makes it a critical concern for organizations that maintain strict confidentiality requirements."}}}}, "created": "2026-04-14T16:15:48.106453+00:00", "updated": "2026-04-14T16:30:44.900329+00:00", "vendors": ["apache", "apache$PRODUCT$apisix"]}