CVE-2026-23901 | Apache Shiro up to 2.0.6 timing discrepancy

Inserito da Angelo Barbosa | Feb 9, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Apache Shiro up to 2.0.6. Affected by this issue is some unknown functionality. Performing a manipulation results in observable timing discrepancy.

This vulnerability is identified as CVE-2026-23901. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-23901 | Apache Shiro up to 2.0.6 timing discrepancy

Post correlati

CVE-2023-52800 | Linux Kernel up to 5.10.201/5.15.139/6.1.63/6.5.12/6.6.2 ath11k ath11k_mac_get_ar_by_pdev_id use after free

CVE-2025-22750 | Tarak Patel Post Carousel & Slider Plugin up to 1.0.4 on WordPress cross site scripting

CVE-2025-6854 | chatchat-space Langchain-Chatchat up to 0.3.1 files?purpose=assistants path traversal (Issue 5353)

CVE-2025-7488 | JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 /file/download Name path traversal (Issue 18)