
WSO2 — Vulnerabilities & Security Advisories (57)

Browse all 57 CVE security advisories affecting WSO2. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WSO2 provides an open-source platform for API management, identity and access management, and enterprise integration. Its middleware architecture, which underpins complex digital transformations, has historically been a target for attackers because of its broad attack surface. The 57 recorded Common Vulnerabilities and Exposures (CVEs) predominantly involve remote code execution, cross-site scripting, and authentication bypass flaws. These issues often stem from improper input validation and insecure default configurations in its API gateway and identity server components. While no single catastrophic breach has defined the vendor's public history, the high volume of vulnerabilities points to systemic weaknesses in code review for legacy modules. Security practitioners should prioritize patching these known vulnerabilities, particularly those affecting exposed management consoles, to prevent unauthorized access and data exfiltration in enterprise environments that rely on this integration suite.

Showing 12 of 57 results
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-10503 | Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server | WSO2 Identity Server | CWE-79 | 6.1 | Medium | 2026-04-29 |
| CVE-2025-12624 | Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock | WSO2 Identity Server | CWE-613 | 6.0 | Medium | 2026-04-16 |
| CVE-2025-12107 | Potential authenticated Server-Side Template Injection (SSTI) vulnerability | WSO2 Identity Server | CWE-1336 | 8.4 | High | 2026-02-19 |
| CVE-2025-5770 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | WSO2 Identity Server | CWE-79 | 6.1 | Medium | 2025-11-05 |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | WSO2 Identity Server | CWE-434 | 6.7 | Medium | 2025-11-05 |
| CVE-2025-5605 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | WSO2 Identity Server | | 4.3 | Medium | 2025-10-24 |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | WSO2 Identity Server | CWE-918 | 5.9 | Medium | 2025-10-24 |
| CVE-2025-1396 | Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled | WSO2 Identity Server | CWE-203 | 3.7 | Low | 2025-09-26 |
| CVE-2025-0209 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow | WSO2 Identity Server | CWE-79 | 6.1 | Medium | 2025-09-23 |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | WSO2 Identity Server | CWE-601 | 5.4 | Medium | 2025-06-02 |
| CVE-2024-7487 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | WSO2 Identity Server | CWE-287 | 5.8 | Medium | 2025-05-22 |
| CVE-2024-7103 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | WSO2 Identity Server | CWE-79 | 4.6 | Medium | 2025-05-22 |

This page lists every published CVE security advisory associated with WSO2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.