A vulnerability identified as critical has been detected in Weaviate up to 1.37.7 . This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler . The manipulation of the argument StaticApiKey leads to authorization bypass. This vulnerability is traded as CVE-2026-11500 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.