A vulnerability described as problematic has been identified in Apache APISIX up to 3.14.x . Affected by this issue is some unknown functionality of the component Openid-connect . Executing a manipulation of the argument tls_verify can lead to cleartext transmission of sensitive information. This vulnerability is tracked as CVE-2026-31923 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.