Apache Shiro — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Apache Shiro, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE ID	Title	CVSS	Severity	Published
CVE-2026-23901	Apache Shiro: Brute force attack possible to determine valid user names CWE-208	6.5	-	2026-02-10
CVE-2026-23903	Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems CWE-289	7.5	-	2026-02-09
CVE-2023-46749	Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting CWE-22	9.8	-	2024-01-15
CVE-2023-46750	Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. CWE-601	6.1^AI	Medium^AI	2023-12-14
CVE-2023-34478	Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. CWE-22	9.8	-	2023-07-24
CVE-2023-22602	Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request CWE-436	7.5	-	2023-01-14
CVE-2022-40664	Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher CWE-287	9.8	-	2022-10-12
CVE-2022-32532	Authentication Bypass Vulnerability CWE-863	9.8	-	2022-06-28
CVE-2021-41303	Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass CWE-287	9.8	-	2021-09-17
CVE-2020-17523	Apache Shiro 授权问题漏洞	9.8	-	2021-02-03
CVE-2020-17510	Apache Shiro 授权问题漏洞	9.8	-	2020-11-05
CVE-2020-13933	Apache Shiro 授权问题漏洞	9.8	-	2020-08-17
CVE-2020-11989	Apache Shiro 授权问题漏洞	9.8	-	2020-06-22
CVE-2020-1957	Apache Shiro 授权问题漏洞	9.8	-	2020-03-25

All 14 known CVE vulnerabilities affecting Apache Shiro with full Chinese analysis, references, and POCs where available.