Solr

This hub aggregates every CVE we track for Solr, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Librarieson-premlibrary

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH22MEDIUM15CRITICAL9LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Solr.

CVE-2026-44825Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users8.1Jun 1, 2026
CVE-2026-22022Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin8.2Jan 21, 2026
CVE-2026-22444Apache Solr: Insufficient file-access checking in standalone core-creation requests7.1Jan 21, 2026
CVE-2025-24814Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files5.5Jan 27, 2025
CVE-2024-52012Apache Solr: Configset upload on Windows allows arbitrary path write-access5.4Jan 27, 2025
CVE-2024-45217Apache Solr: ConfigSets created during a backup restore command are trusted implicitly8.1Oct 16, 2024
CVE-2024-45216Apache Solr: Authentication bypass possible using a fake URL Path ending9.8Oct 16, 2024
CVE-2023-50291Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords7.5Feb 9, 2024
CVE-2023-50292Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users7.5Feb 9, 2024
CVE-2023-50298Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions7.5Feb 9, 2024
CVE-2023-50386Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets8.8Feb 9, 2024
CVE-2023-50290Apache Solr: Host environment variables are published via the Metrics API6.5Jan 15, 2024
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
CVE-2021-44548Apache Solr information disclosure vulnerability through DataImportHandler9.8Dec 23, 2021
CVE-2021-33813An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.7.5Jun 16, 2021

Product normalization is registry-driven with AI assist and human review. How it works