A vulnerability described as problematic has been identified in Apache APISIX up to 3.16.0 . The affected element is an unknown function. Such manipulation leads to open redirect. This vulnerability is documented as CVE-2026-48895 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.