CVE-2026-57111: CWE-1385 Missing Origin Validation in WebSockets in Apache Software Foundation Apache Helix REST
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.
AI Analysis
Technical Summary
CVE-2026-57111 describes a missing origin validation vulnerability (CWE-1385) in the Apache Helix REST API's CORS filter (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in versions up to 2.0.0. The filter incorrectly allows any origin by returning Access-Control-Allow-Origin: * combined with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method and Access-Control-Request-Headers in preflight responses. This misconfiguration enables cross-origin requests from arbitrary origins, potentially allowing attackers to read sensitive administrative REST API responses when a victim user visits a malicious web page. The vendor recommends upgrading to version 2.0.1 to address this vulnerability.
Potential Impact
The vulnerability allows remote attackers who can control a web page visited by an authorized user to bypass same-origin policy restrictions and issue cross-origin requests to administrative REST endpoints. This can lead to unauthorized reading of sensitive data from the REST API. There are no known exploits in the wild at this time.
Mitigation Recommendations
Users should upgrade Apache Helix REST to version 2.0.1, which fixes the permissive CORS configuration issue. Patch status is not explicitly confirmed in the advisory, but the vendor recommendation to upgrade to 2.0.1 indicates an official fix is available. No additional mitigation steps are specified.
CVE-2026-57111: CWE-1385 Missing Origin Validation in WebSockets in Apache Software Foundation Apache Helix REST
Description
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin requests to administrative REST endpoints via a cross-origin request from an arbitrary origin, since the filter unconditionally returns Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method / Access-Control-Request-Headers values in preflight responses. Users are recommended to upgrade to version 2.0.1, which fixes this issue.
CVSS v3.1
Score 7.5high
Affected software
pkg:maven/Apache Software Foundation/org.apache.helix:helix-restRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-57111 describes a missing origin validation vulnerability (CWE-1385) in the Apache Helix REST API's CORS filter (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in versions up to 2.0.0. The filter incorrectly allows any origin by returning Access-Control-Allow-Origin: * combined with Access-Control-Allow-Credentials: true and reflects arbitrary Access-Control-Request-Method and Access-Control-Request-Headers in preflight responses. This misconfiguration enables cross-origin requests from arbitrary origins, potentially allowing attackers to read sensitive administrative REST API responses when a victim user visits a malicious web page. The vendor recommends upgrading to version 2.0.1 to address this vulnerability.
Potential Impact
The vulnerability allows remote attackers who can control a web page visited by an authorized user to bypass same-origin policy restrictions and issue cross-origin requests to administrative REST endpoints. This can lead to unauthorized reading of sensitive data from the REST API. There are no known exploits in the wild at this time.
Mitigation Recommendations
Users should upgrade Apache Helix REST to version 2.0.1, which fixes the permissive CORS configuration issue. Patch status is not explicitly confirmed in the advisory, but the vendor recommendation to upgrade to 2.0.1 indicates an official fix is available. No additional mitigation steps are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-06-23T21:53:48.681Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4f598968715ace43f21a8c
Added to database: 07/09/2026, 08:19:21 UTC
Last enriched: 07/09/2026, 08:33:23 UTC
Last updated: 07/09/2026, 20:36:40 UTC
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.