A vulnerability has been found in Apache APISIX up to 3.16.0 and classified as critical . Affected by this vulnerability is an unknown functionality. This manipulation causes improper authentication. This vulnerability is handled as CVE-2026-49872 . The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.