THREAT OPS › Threat News › [GHSA] GHSA-4w3q-qpfq-v992 (high) — Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
[GHSA] GHSA-4w3q-qpfq-v992 (high) — Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
GHSA-4w3q-qpfq-v992 Severity: high CVE: CVE-2026-59954
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
### Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream reques
Indicators of compromise
- CVE-2026-59954cve
Original source: https://github.com/advisories/GHSA-4w3q-qpfq-v992