CVE Daily – Kong Gateway (High+Critical) https://cvedaily.com/pages/tags/kong-gateway.html CVE Daily – Kong Gateway (High+Critical) en Wed, 03 Jun 2026 21:27:12 +0000 [High] CVE-2021-27306 – An improper access control vulnerability in the JWT plugin in Kong Gateway prior... https://nvd.nist.gov/vuln/detail/CVE-2021-27306 https://nvd.nist.gov/vuln/detail/CVE-2021-27306 Thu, 18 Mar 2021 15:15:16 +0000 High CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

CVSS: 7.5 · CWE: CWE-706

View on NVD

]]> [Critical] CVE-2020-11710 – An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API p... https://nvd.nist.gov/vuln/detail/CVE-2020-11710 https://nvd.nist.gov/vuln/detail/CVE-2020-11710 Sun, 12 Apr 2020 17:15:10 +0000 Critical CVE-2020-11710

An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is n…

CVSS: 9.8 · CWE: N/A

View on NVD

]]>