A vulnerability classified as problematic was found in Apache APISIX up to 3.16.0 . The affected element is an unknown function of the component Configuration Handler . Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-49871 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.