Skip to content

help request: Will APISIX be affected by the vulnerability CVE-2026-49975? #13631

Description

@twobunches

Description

APISIX is developed based on Nginx. Nginx versions < 1.29.8 are affected by this vulnerability. Then, does the APISIX version need to be upgraded?

Environment

  • APISIX version (run apisix version):
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionlabel for questions asked by users

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    📋 Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions