CVE Tools

akamai

Cloud & SaaScommercial

1

Cumulative CVEs

1

Monthly snapshots

#79

Peak rank

Top products

download manager1

Latest CVEs

The 15 most recently published vulnerabilities affecting akamai.

CVE-2026-34354Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp direc...7.4May 8, 2026
CVE-2026-26365Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" co...4.0Feb 23, 2026
CVE-2025-66373Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body t...4.8Dec 4, 2025
CVE-2025-53841The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerab...7.8Dec 3, 2025
CVE-2025-54142Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Ak...4.0Aug 29, 2025
CVE-2025-32094An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continu...4.0Aug 7, 2025
CVE-2025-54568Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.3.7Jul 25, 2025
CVE-2025-49493Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.5.8Jun 30, 2025
CVE-2025-52491Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.5.8Jun 30, 2025
CVE-2025-30143Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.5.4Mar 17, 2025
CVE-2025-24527An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.8.0Jan 29, 2025
CVE-2024-45164Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has inc...7.1Nov 4, 2024
CVE-2021-40683In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.7.8Oct 4, 2021
CVE-2019-18847Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.9.8Aug 26, 2020
CVE-2019-11011Akamai CloudTest before 58.30 allows remote code execution.9.8Jun 21, 2019