Wso2 api control plane

This hub aggregates every CVE we track for Wso2 api control plane, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wso2 api control plane.

• CVE-2025-8325Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations6.3May 11, 2026
• CVE-2025-8154HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation5.3May 11, 2026
• CVE-2025-13590Authenticated arbitrary file upload via a System REST API requiring administrator permission.9.1Feb 19, 2026
• CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8Nov 18, 2025
• CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8Nov 18, 2025
• CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2Nov 5, 2025
• CVE-2025-5770Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products6.1Nov 5, 2025
• CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4Nov 5, 2025
• CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4Nov 5, 2025
• CVE-2025-10713XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration6.5Nov 5, 2025
• CVE-2025-3125Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution6.7Nov 5, 2025
• CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3Oct 24, 2025
• CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9Oct 24, 2025
• CVE-2025-9152Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint9.8Oct 16, 2025
• CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6Oct 16, 2025