CVE-2026-22022

Source
https://cve.org/CVERecord?id=CVE-2026-22022
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22022.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22022
Published
2026-01-21T14:16:06.573Z
Modified
2026-03-14T12:47:37.014020Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
[none]
Details

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" can allow unauthorized access to certain Solr APIs because of insufficiently strict input validation in those components. Only deployments that meet all of the following criteria are impacted by this vulnerability:

  • Use of Solr's "RuleBasedAuthorizationPlugin"
  • A RuleBasedAuthorizationPlugin config (see security.json) that specifies multiple "roles"
  • A RuleBasedAuthorizationPlugin permission list (see security.json) that uses one or more of the following pre-defined permission rules: "config-read", "config-edit", "schema-read", "metrics-read", or "security-read".
  • A RuleBasedAuthorizationPlugin permission list that doesn't define the "all" pre-defined permission
  • A networking setup that allows clients to make unfiltered network requests to Solr (i.e. user-submitted HTTP/HTTPS requests reach Solr as-is, neither modified nor restricted by any intervening proxy or gateway)

Users can mitigate this vulnerability by ensuring that their RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined permission and associates the permission with an "admin" or other privileged role.  Users can also upgrade to a Solr version outside of the impacted range, such as the recently released Solr 9.10.1.
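The configuration criteria and the "all" mitigation above can be checked mechanically against a deployment's security.json. The following is an added example, not code from the advisory or from the Solr project; it covers only the version and security.json criteria, since network exposure cannot be read from the file. Assumptions: the standard `authorization` / `permissions` / `user-role` layout of security.json, a substring match on the plugin class name, "multiple roles" read as more than one distinct named role, and constructed sample documents.

```python
import json

# Pre-defined permissions the advisory names as triggering the issue.
RISKY = {"config-read", "config-edit", "schema-read", "metrics-read", "security-read"}
AFFECTED_FROM, FIXED_IN = (5, 3, 0), (9, 10, 1)  # version range from the advisory


def _roles(value):
    """Normalise a role field (string, list or null) to a set of named roles."""
    items = value if isinstance(value, list) else [value]
    return {r for r in items if r and r != "*"}


def version_affected(version):
    """True when a dotted version string lies in 5.3.0 <= v < 9.10.1."""
    parts = tuple(int(p) for p in version.split("."))
    return AFFECTED_FROM <= parts < FIXED_IN


def audit(security_json, solr_version):
    """Return (meets_config_criteria, checks) for one security.json document."""
    authz = json.loads(security_json).get("authorization") or {}
    perms = authz.get("permissions") or []
    roles = set()
    for assigned in (authz.get("user-role") or {}).values():
        roles |= _roles(assigned)
    for perm in perms:
        roles |= _roles(perm.get("role"))
    names = {perm.get("name") for perm in perms}
    all_rule = next((p for p in perms if p.get("name") == "all"), None)
    checks = {
        "affected_version": version_affected(solr_version),
        # Assumption: substring match on the configured class name.
        "rule_based_plugin": "RuleBasedAuthorizationPlugin" in (authz.get("class") or ""),
        "multiple_roles": len(roles) > 1,
        "risky_predefined": sorted(names & RISKY),
        "all_missing": all_rule is None,
    }
    impacted = all(bool(v) for v in checks.values())
    # The mitigation ties "all" to a privileged role; flag an "all" rule with no named role.
    checks["all_without_role"] = all_rule is not None and not _roles(all_rule.get("role"))
    return impacted, checks


# Constructed sample: two roles, "config-read" in use, no "all" permission.
SAMPLE_IMPACTED = """{"authorization": {
  "class": "solr.RuleBasedAuthorizationPlugin",
  "user-role": {"alice": "admin", "bob": "reader"},
  "permissions": [{"name": "security-edit", "role": "admin"},
                  {"name": "config-read", "role": "admin"},
                  {"name": "read", "role": "reader"}]}}"""

# Same document with the advisory's mitigation applied.
_doc = json.loads(SAMPLE_IMPACTED)
_doc["authorization"]["permissions"].append({"name": "all", "role": "admin"})
SAMPLE_MITIGATED = json.dumps(_doc)

if __name__ == "__main__":
    for label, doc in (("impacted", SAMPLE_IMPACTED), ("mitigated", SAMPLE_MITIGATED)):
        print(label, audit(doc, "9.10.0"))
```

A `True` result means every criterion that can be read from the version and security.json is met; whether requests reach Solr unfiltered still has to be confirmed from the network path.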

Affected packages

Git / github.com/apache/solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/solr
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "9.10.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22022.json"