THREAT OPS › Threat News › [GHSA] GHSA-h4pc-58cc-hc95 (high) — Apollo ConfigService access key authentication bypass via raw config file appId parsing
[GHSA] GHSA-h4pc-58cc-hc95 (high) — Apollo ConfigService access key authentication bypass via raw config file appId parsing
GHSA-h4pc-58cc-hc95 Severity: high CVE: CVE-2026-59955
Apollo ConfigService access key authentication bypass via raw config file appId parsing
### Summary Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey / management key authentication is enabled because authentication parsed the appId incorrectly for the raw config file endpoint.
### Details Requests
Indicators of compromise
- CVE-2026-59955cve
Original source: https://github.com/advisories/GHSA-h4pc-58cc-hc95