NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-50628

Summary	A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
Publication Date	June 12, 2026, 7:16 p.m.
Registration Date	June 13, 2026, 4:16 a.m.
Last Update	June 12, 2026, 10:08 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://lists.apache.org/thread/vb3ho8lf228gh90m1fpnohf2008xrdxk	security@apache.org
2	http://www.openwall.com/lists/oss-security/2026/06/11/5	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html