Apache APISIX Cleartext Transmission of Sensitive Information Vulnerability in Tencent Cloud CLS Log Export

Vulnerability

A vulnerability allowing cleartext transmission of sensitive information has been identified in the Apache APISIX plugin for Tencent Cloud CLS log export. This issue affects versions starting with 2.99.0 and prior to 3.15.0, in which the plugin exports logs over unencrypted HTTP. Users are advised to upgrade to version 3.16.0, which addresses this vulnerability.

Impact

Exploitation of this vulnerability could lead to the interception of sensitive information transmitted in plaintext over HTTP during the log export process.

Remediation

Users should upgrade to Apache APISIX version 3.16.0 or later, where this vulnerability has been fixed.
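
To decide where the upgrade matters first, it helps to know which routes and global rules actually enable the log-export plugin. The Python below is an added example, not code from the advisory or from the Apache APISIX project. It assumes the plugin is registered as "tencent-cloud-cls", that the configuration has the shape of an APISIX standalone config (lists of objects with a "plugins" map), and it flags every release from 2.99.0 up to, but not including, the fixed 3.16.0, which follows the remediation advice rather than the stated affected range.

```python
# Added example: inventory where the CLS log-export plugin is enabled.
# Assumptions: plugin name "tencent-cloud-cls"; config shape mirrors an
# APISIX standalone config (lists of objects carrying a "plugins" map).
PLUGIN = "tencent-cloud-cls"
FIRST_AFFECTED = (2, 99, 0)  # first affected version named in the advisory
FIXED = (3, 16, 0)           # fixed version named in the remediation
SECTIONS = ("routes", "services", "global_rules", "plugin_configs", "consumers")

def parse_version(text):
    """Turn '3.14.1' or 'v3.14' into a 3-tuple; missing parts count as 0."""
    parts = [int(p) for p in text.strip().lstrip("v").split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_upgrade(version):
    """True for releases at or after 2.99.0 and below the fixed 3.16.0."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED

def find_cls_usage(config):
    """Return (section, object id, cls_host) for each enabled use of the plugin."""
    hits = []
    for section in SECTIONS:
        for obj in config.get(section) or []:
            conf = (obj.get("plugins") or {}).get(PLUGIN)
            # Skip objects without the plugin or with it switched off via _meta.
            if conf is None or (conf.get("_meta") or {}).get("disable"):
                continue
            ident = str(obj.get("id", obj.get("username", "?")))
            hits.append((section, ident, conf.get("cls_host")))
    return hits

def audit(version, config):
    """List plugin uses that send logs in cleartext on this gateway version."""
    return find_cls_usage(config) if needs_upgrade(version) else []

# Constructed sample configuration (not taken from any real deployment).
SAMPLE = {
    "routes": [
        {"id": 1, "uri": "/orders", "plugins": {
            PLUGIN: {"cls_host": "ap-guangzhou.cls.tencentyun.com"}}},
        {"id": 2, "uri": "/health", "plugins": {
            PLUGIN: {"cls_host": "ap-guangzhou.cls.tencentyun.com",
                     "_meta": {"disable": True}}}},
        {"id": 3, "uri": "/static", "plugins": {"limit-count": {"count": 10}}},
    ],
    "global_rules": [
        {"id": "g1", "plugins": {
            PLUGIN: {"cls_host": "ap-shanghai.cls.tencentyun.com"}}},
    ],
}

if __name__ == "__main__":
    for section, ident, host in audit("3.14.1", SAMPLE):
        print(f"{section}/{ident}: logs exported to {host} over HTTP until upgraded")
```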

Added: Apr 14, 2026, 9:28 AM
Updated: Apr 14, 2026, 9:28 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.