Apache NiFi Vulnerability CVE-2026-25903 Allows Authorization Bypass

Apache NiFi Vulnerability CVE-2026-25903 Allows Authorization Bypass

First seen 17 Feb 2026, 09:11 UTC GbhackersCybersecuritynews 90% similarity 45.9

Article Content

Browse articles
ThreatCluster

A high-severity vulnerability in Apache NiFi, tracked as CVE-2026-25903, has been disclosed, allowing lower-privileged users to modify restricted components. This flaw affects Apache NiFi versions 1.1.0 through 2.7.2 and has been addressed in version 2.8.0. Users are urged to upgrade to mitigate potential security risks.

ThreatCluster AI

Timeline

2026-02-16
CVE-2026-25903 disclosed
2026-02-17
Apache NiFi users urged to upgrade due to vulnerability
2026-02-17
Patch released in version 2.8.0

Community

Browse all →