THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-h4pc-58cc-hc95 (high) — Apollo ConfigService access key authentication bypass via raw config file appId parsing

[GHSA] GHSA-h4pc-58cc-hc95 (high) — Apollo ConfigService access key authentication bypass via raw config file appId parsing

medgithub_advisoriesPublished 2026-07-13

GHSA-h4pc-58cc-hc95 Severity: high CVE: CVE-2026-59955

Apollo ConfigService access key authentication bypass via raw config file appId parsing

### Summary Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey / management key authentication is enabled because authentication parsed the appId incorrectly for the raw config file endpoint.

### Details Requests

Indicators of compromise

Original source: https://github.com/advisories/GHSA-h4pc-58cc-hc95