CNNVD-202602-1594 Information

CNNVD ID

CNNVD-202602-1594

Related CVE

CVE-2026-23901

• CNNVD Published: 2026-02-10

Description (Chinese)

Apache Shiro是美国阿帕奇（Apache）基金会的一套用于执行认证、授权、加密和会话管理的Java安全框架。 Apache Shiro 1.*版本和2.0.7之前版本存在安全漏洞，该漏洞源于存在可观察的时间差异，可能导致暴力破解攻击。

Description (English)

Apache Shiro is a Java security framework for the implementation of authentication, authorization, encryption and session management of the Apache Foundation in the United States. There is a security loophole in Apache Shiro 1.* and previous versions of 2.0.7, which stems from observed time differences that could lead to violent break-up of the attack.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-02-10

Last Modified

2026-02-24

References

https://lists.apache.org/thread/mm1jct9b86jvnh3y44tj22xvjtx3xhhh http://www.openwall.com/lists/oss-security/2026/02/08/2 https://access.redhat.com/security/cve/cve-2026-23901

Patch

https://shiro.apache.org/download.html