Apache NiFi users must upgrade immediately following the disclosure of a high-severity authorization bypass vulnerability, tracked as CVE-2026-25903. Published on February 16, 2026, this flaw affects versions 1.1.0 through 2.7.2. It allows less-privileged authenticated users to modify configuration properties on “restricted” extension components added to a flow by more privileged administrators. In tiered-permission environments, this […] The post Critical Apache NiFi Vulnerabilities Enable Authorization Bypass appeared first on Cyber Security News.