Apache Software Foundation Apache Solr vulnerabilities

CVE-2026-22022 [HIGH] CWE-285 CVE-2026-22022: Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria are impacted by this vulnerability: * Use of Solr's "Rule

CVE-2026-22444 [HIGH] CWE-20 CVE-2026-22444: The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some AP The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xm

CVE-2024-52012 [MEDIUM] CWE-23 CVE-2024-52012: Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnera Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.

CVE-2025-24814 [MEDIUM] CWE-250 CVE-2025-24814: Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr i Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "tr

CVE-2024-45216 [CRITICAL] CWE-287 CVE-2024-45216: Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlu Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the ori

CVE-2024-45217 [HIGH] CWE-1188 CVE-2024-45217: Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are c Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this l

CVE-2023-50292 [HIGH] CWE-732 CVE-2023-50292: Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when t

CVE-2023-50386 [HIGH] CWE-434 CVE-2023-50386: Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous T Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files t

CVE-2023-50298 [HIGH] CWE-200 CVE-2023-50298: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs,

CVE-2023-50291 [HIGH] CWE-522 CVE-2023-50291: Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a

CVE-2023-50290 [MEDIUM] CWE-200 CVE-2023-50290: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Me Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Env

CVE-2021-44548 [CRITICAL] CWE-20 CVE-2021-44548: An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensi

CVE-2021-27905 [CRITICAL] CWE-918 CVE-2021-27905: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a si

CVE-2021-29943 [CRITICAL] CWE-863 CVE-2021-29943: When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8 When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

CVE-2021-29262 [HIGH] CWE-522 CVE-2021-29262: When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParams When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the s

CVE-2017-3164 [HIGH] CWE-918 CVE-2017-3164: Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" p Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

CVE-2019-0192 [CRITICAL] CWE-502 CVE-2019-0192: In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JM In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

CVE-2018-8026 [MEDIUM] CWE-611 CVE-2018-8026: This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entit This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can b

CVE-2018-8010 [MEDIUM] CWE-611 CVE-2018-8010: This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity e This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in

CVE-2018-1308 [HIGH] CWE-611 CVE-2018-1308: This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.