A vulnerability labeled as critical has been found in Apache Shiro . This vulnerability affects unknown code of the component Guice-Web . The manipulation results in improper authentication. This vulnerability is known as CVE-2026-56091 . It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.