CVE-2026-50628

Published Jun 12, 2026

Last updated 2 days ago

Overview

Description
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
Source
security@apache.org
NVD status
Undergoing Analysis

Weaknesses

security@apache.org
CWE-20

Social media

Hype score
Not currently trending

  1. 🚨*CVE* CVE-2026-50628 A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enab… https://t.co/m445yE8Qe9 ----- Traducción: CVE-2026-50628 Un … https://t.co/utmtNg

    @infoflowcloud

    12 Jun 2026

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.