A vulnerability classified as critical was found in Apache APISIX 3.8.0/3.9.0. Affected by this vulnerability is an unknown functionality of the component forward-auth Plugin. The manipulation leads to http request smuggling.

This vulnerability is known as CVE-2024-32638. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.