Wso2 Carbon Api Management Implementation


By the Year

In 2026 there have been 2 vulnerabilities in Wso2 Carbon Api Management Implementation with an average score of 5.8 out of ten.

Year    Vulnerabilities    Average Score
2026    2                  5.80

It may take a day or so for new Wso2 Carbon Api Management Implementation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Wso2 Carbon Api Management Implementation Security Vulnerabilities

WSO2 APIM 3.x RBAC Bypass in Gateway & Internal Service APIs
CVE-2025-8325 6.3 - Medium - May 11, 2026

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments.

Improper Preservation of Permissions

WSO2 API Manager Webhook HTTP Header Injection
CVE-2025-8154 5.3 - Medium - May 11, 2026

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.

Injection


Vendor: Wso2
