CNNVD-202602-1260 Information

CNNVD ID

CNNVD-202602-1260

CVE-2026-23903

  • CNNVD Published: 2026-02-09

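Description (translated from Chinese)

Apache Shiro is a Java security framework from the Apache Foundation of the United States for performing authentication, authorization, encryption and session management. Versions of Apache Shiro before 2.0.7 contain a security vulnerability that stems from an alternate-name authentication bypass, which may allow static files to be accessed by bypassing filters on case-insensitive file systems.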

Description (English)

Apache Shiro is a Java security framework from the Apache Foundation in the United States that implements authentication, authorization, encryption and session management. Versions of Apache Shiro before 2.0.7 contain a security vulnerability resulting from an authentication bypass using an alternate name, which could allow access to static files by bypassing filters on case-insensitive file systems.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Apache

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/5jjf0hnjcol58z2m5y255c7scz1lnp8k
  • http://www.openwall.com/lists/oss-security/2026/02/08/1
  • https://access.redhat.com/security/cve/cve-2026-23903

Patch

https://shiro.apache.org/
