A vulnerability categorized as critical has been discovered in Apache APISIX up to 3.16.0 . Impacted is an unknown function. The manipulation results in authentication bypass by spoofing. This vulnerability is identified as CVE-2026-39999 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.