Vendor
An authentication bypass vulnerability (CVE-2026-59955) in Apollo ConfigService allows unauthenticated remote attackers to read raw configuration data by exploiting an incorrect appId parsing logic for the raw config file endpoint, affecting versions prior to 2.5.2.