Main Vulnerability Database Vulnerabilities #VU121931

#VU121931 Improper authorization in Apache Solr - CVE-2026-22022

Published: January 22, 2026

Vulnerability identifier: #VU121931

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-22022

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Solr

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in the Rule Based Authorization Plugin. A remote authenticated user can bypass certain "predefined permission" rules in the RuleBasedAuthorizationPlugin under specific configurations and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/mr1ch0r17jybfv0jy78ry8o21hns340z

#VU121931 Improper authorization in Apache Solr - CVE-2026-22022

Description

Remediation

External links

Please verify you're human