Apache Solr Rule Based Authorization Plugin Unauthorized Access Vulnerability

Vulnerability

A vulnerability exists in Apache Solr versions 5.3.0 through 9.10.0 that use the Rule Based Authorization Plugin. This vulnerability allows unauthorized access to certain Solr APIs due to inadequate input validation. The issue affects deployments that specify multiple roles in their RuleBasedAuthorizationPlugin configuration, use certain pre-defined permission rules, do not define the 'all' permission, and have a networking setup that allows unfiltered client requests to Solr.

Impact

Exploitation of this vulnerability could lead to unauthorized access to Solr APIs, potentially allowing users to perform actions or access data they should not be permitted to.

Remediation

Users can mitigate this vulnerability by updating their RuleBasedAuthorizationPlugin configuration to include the 'all' permission and associating it with an 'admin' or other privileged role. Alternatively, users can upgrade to Apache Solr version 9.10.1 or later.
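The configuration-side conditions and the mitigation above can be checked mechanically. The following is an added example, not code from the advisory or from Apache Solr: it assumes the usual security.json layout (an "authorization" block with "permissions" and "user-role"), uses a constructed sample file and hypothetical function and finding names, and does not test which pre-defined permission rules are affected or the network exposure.

```python
import json

# Constructed sample security.json (not from the advisory): two roles, no 'all' permission.
SAMPLE = """{
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "read", "role": "reader"},
      {"name": "security-edit", "role": "admin"}
    ],
    "user-role": {"alice": "admin", "bob": ["reader"]}
  }
}"""

def _as_list(value):
    """A role may be a string or a list; a missing or null role yields []."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def audit(config):
    """Return findings for the two security.json conditions the advisory names."""
    authz = config.get("authorization") or {}
    if not str(authz.get("class", "")).endswith("RuleBasedAuthorizationPlugin"):
        return []  # plugin not in use, so the advisory does not apply
    perms = authz.get("permissions", [])
    roles = set()
    for r in authz.get("user-role", {}).values():
        roles.update(_as_list(r))
    for p in perms:
        roles.update(_as_list(p.get("role")))
    roles.discard("*")  # wildcard is not a named role
    findings = []
    if len(roles) > 1:
        findings.append("multiple-roles")
    all_roles = [r for p in perms if p.get("name") == "all" for r in _as_list(p.get("role"))]
    if not [r for r in all_roles if r != "*"]:
        findings.append("all-permission-not-bound-to-role")
    return findings

def add_all_permission(config, role="admin"):
    """Apply the advisory's mitigation: bind 'all' to a privileged role, listed last."""
    fixed = json.loads(json.dumps(config))  # deep copy, input left untouched
    perms = fixed["authorization"].setdefault("permissions", [])
    perms[:] = [p for p in perms if p.get("name") != "all"]
    perms.append({"name": "all", "role": role})  # last: rules are matched in listed order
    return fixed

if __name__ == "__main__":
    cfg = json.loads(SAMPLE)
    print(audit(cfg), audit(add_all_permission(cfg)))
```

A deployment that reports both findings matches the configuration conditions described under Vulnerability; after the mitigation only the multiple-roles finding remains.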

Added: Jan 21, 2026, 2:19 PM
Updated: Jan 21, 2026, 4:22 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 6.6
remediation: 7.9
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.