THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-4w3q-qpfq-v992 (high) — Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

[GHSA] GHSA-4w3q-qpfq-v992 (high) — Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

medgithub_advisoriesPublished 2026-07-13

GHSA-4w3q-qpfq-v992 Severity: high CVE: CVE-2026-59954

Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

### Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream reques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-4w3q-qpfq-v992