Back to overview

CVE-2026-58319

Description
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to cluster instability or denial of service. This issue affects Apache Doris versions prior to 3.1.0. Users are advised to upgrade to Apache Doris 3.1.0 or later.

Metadata

CVE ID
CVE-2026-58319
State
PUBLISHED
Assigner
apache
Reserved
2026-06-30 03:29 UTC
Published
2026-07-14 09:36 UTC
Last updated
2026-07-14 09:38 UTC
Primary CWE
CWE-306
CWE-306 Missing Authentication for Critical Function
Vendor / Product
Apache Software Foundation / Apache Doris
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Apache Software Foundation Apache Doris 2.1.0 < 3.1.0
Weakness (CWE)
CWESourceDescription
CWE-306 cna CWE-306 Missing Authentication for Critical Function
Back to overview