Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Apache APISIX exposes sensitive data in plaintext
CVE-2026-31924
Summary
Apache APISIX versions 2.99.0 to 3.15.0 send sensitive information over an unsecured connection. This means that anyone with access to the network could intercept and read that information. To fix this, update to version 3.16.0 or later.
Original title
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
tencent-cloud-cls log export uses plaintext HTTP
This issue affects Apache APISIX: from 2.99.0 through 3.15.0.
User...
Original description
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
tencent-cloud-cls log export uses plaintext HTTP
This issue affects Apache APISIX: from 2.99.0 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue.
tencent-cloud-cls log export uses plaintext HTTP
This issue affects Apache APISIX: from 2.99.0 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue.
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026