
CVE-2026-22444: High Vulnerability in Apache Solr

The "create core" API of Apache Solr versions 8.6 through 9.10.0 does not sufficiently validate some of its parameters, so it can probe for and read filesystem paths that Solr's "allowPaths" setting is meant to block. Organizations running affected standalone deployments should patch to 9.10.1 or later without delay.

Severity: HIGH · Public exploit available · CVSS 7.1 · Published January 21, 2026


The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting. These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem. On Windows systems configured to allow UNC paths, this can additionally cause disclosure of NTLM "user" hashes.

Solr deployments are exposed only when all three of the following hold: Solr is running in "standalone" (non-SolrCloud) mode; Solr's "allowPaths" setting is being used to restrict file access to particular directories; and the "create core" API (the CoreAdmin API with action=CREATE) is reachable by untrusted users. The last condition is met when Solr's RuleBasedAuthorizationPlugin is disabled, or when it is enabled but the predefined "core-admin-edit" permission (or an equivalent custom permission) is granted to low-trust user roles.

The fix ships in Apache Solr 9.10.1; users should upgrade to 9.10.1 or later. Where the upgrade must wait, enable Solr's RuleBasedAuthorizationPlugin (if it is disabled) and configure its permission list so that no untrusted user or role holds "core-admin-edit" or an equivalent permission. This workaround removes the untrusted callers; the parameter-validation flaw itself remains until the upgrade.

The risk to organizations is read-only filesystem access outside the allowPaths boundary (existence checks and reads of files that should be off limits), creation of cores from unexpected configsets that happen to be reachable on disk, and, on Windows hosts configured to allow UNC paths, disclosure of NTLM user hashes when the server is induced to open such a path. Patching should be prioritized.

Vulnerability Details

The flaw is insufficient input validation of path-related parameters in Apache Solr's "create core" API. It carries a CVSS score of 7.1 (High). Affected versions are Apache Solr 8.6 through 9.10.0, and the CVE was published on January 21, 2026.

Technical Analysis

The root cause is inadequate input validation: some parameters of the "create core" API are not checked against the allowPaths boundary, so the API will test for the existence of, and attempt to read, paths that the setting should block. The CVSS 3.1 metrics are network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, low integrity impact and no availability impact, i.e. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N = 7.1. The high confidentiality impact corresponds to the out-of-bounds file reads and the NTLM hash disclosure; the low integrity impact to creating cores from configsets the operator did not intend to expose.

Risk & Impact Analysis

Organizations running Apache Solr in standalone mode with the "allowPaths" setting in place should determine whether the "create core" API is reachable by untrusted users, since that is the condition that turns the flaw into an exposure. Unauthorized access to filesystem data outside the intended directories is a significant risk; given the CVSS score of 7.1 and the existence of a public proof of concept, remediation urgency is high.

Exploitation Status

Signal               Status
Known Exploit        Yes
Public PoC           Yes
Actively Exploited   No
Ransomware Use       No

Affected Versions

Apache Solr versions 8.6.0 through 9.10.0 are affected. Users should upgrade to Apache Solr 9.10.1 or greater to mitigate the vulnerability.

Mitigation & Remediation

Upgrade to Apache Solr 9.10.1 or later, which addresses the flaw. Until the upgrade is in place, enable Solr's RuleBasedAuthorizationPlugin and configure its permission list so that "core-admin-edit" (and any custom permission covering CoreAdmin CREATE) is held only by trusted administrative roles, and confirm that the "create core" API is not reachable from untrusted networks. Windows deployments that do not need UNC paths should not allow them.
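As an added example (not code from AppSecure or the Apache Solr project), the following Python script evaluates the exposure conditions described above offline. It parses a constructed copy of the JSON that Solr's /solr/admin/info/system handler returns (the "mode" and "lucene.solr-spec-version" fields are real; the values are made up), compares the version against the 8.6.0 to 9.10.0 range, and audits a constructed security.json for which roles hold the "core-admin-edit" permission, contrasting a weak grant to "*" (any authenticated user) with the hardened grant to an admin role. Whether allowPaths is in use is not visible in these two documents and is assumed to be checked separately.

```python
"""Offline exposure check for CVE-2026-22444.

Added example, not AppSecure's or Apache Solr's code. It tests the advisory's
preconditions from two documents an operator would pull from a live instance:
  * the JSON body of /solr/admin/info/system ("mode" is "std" for standalone,
    "solrcloud" for SolrCloud; version sits under lucene.solr-spec-version);
  * security.json, Solr's authentication/authorization configuration.
All sample values are CONSTRUCTED. allowPaths usage is not visible here;
confirm it from solr.xml or -Dsolr.allowPaths separately.
"""
import json
import re
from typing import Optional, Set

AFFECTED_MIN = (8, 6, 0)   # first affected release named by the advisory
AFFECTED_MAX = (9, 10, 0)  # last affected release; 9.10.1 carries the fix

# CONSTRUCTED SystemInfoHandler response, trimmed to the fields used here.
SAMPLE_SYSTEM_INFO = json.dumps({
    "mode": "std",
    "lucene": {"solr-spec-version": "9.10.0", "lucene-spec-version": "9.10.0"},
})

def _security_json(core_admin_edit_role):
    """CONSTRUCTED security.json; only the core-admin-edit grant varies."""
    return json.dumps({
        "authentication": {
            "class": "solr.BasicAuthPlugin",
            "blockUnknown": True,
            "credentials": {"solr": "<sha256 hash salt>", "app": "<sha256 hash salt>"},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            # Solr applies the first matching permission, so the specific
            # core-admin-edit rule sits ahead of the catch-all "all" rule.
            "permissions": [
                {"name": "core-admin-edit", "role": core_admin_edit_role},
                {"name": "core-admin-read", "role": "*"},
                {"name": "all", "role": "admin"},
            ],
            "user-role": {"solr": "admin", "app": "reader"},
        },
    })

WEAK_SECURITY_JSON = _security_json("*")          # any authenticated user may create cores
HARDENED_SECURITY_JSON = _security_json("admin")  # only the admin role may

def parse_version(spec: str):
    """'9.10.0' or '9.10.0-SNAPSHOT' -> (9, 10, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", spec)
    if not m:
        raise ValueError(f"unrecognised Solr version string: {spec!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def version_is_affected(spec: str) -> bool:
    return AFFECTED_MIN <= parse_version(spec) <= AFFECTED_MAX

def is_standalone(system_info_json: str) -> bool:
    return json.loads(system_info_json).get("mode") == "std"

def core_create_roles(security_json: str) -> Optional[Set[str]]:
    """Roles that can create cores, or None when RuleBasedAuthorizationPlugin is off.

    "*" is Solr's 'any authenticated user'; "<anonymous>" stands for a null role,
    which Solr treats as 'no authentication required'. The union is deliberately
    conservative: every rule that could grant core creation is counted.
    """
    authz = json.loads(security_json).get("authorization") or {}
    if authz.get("class") != "solr.RuleBasedAuthorizationPlugin":
        return None
    roles = set()
    for perm in authz.get("permissions", []):
        if perm.get("name") not in ("core-admin-edit", "all"):
            continue
        role = perm.get("role")
        if role is None:
            roles.add("<anonymous>")
        elif isinstance(role, list):
            roles.update(role)
        else:
            roles.add(role)
    return roles

def core_create_exposed(security_json: str, trusted_roles) -> bool:
    roles = core_create_roles(security_json)
    if roles is None:
        return True  # no authorization plugin: anyone who reaches the API may create cores
    return not roles.issubset(trusted_roles)

def assess(system_info_json: str, security_json: str, trusted_roles=frozenset({"admin"})) -> dict:
    """Combine the advisory conditions this check can observe."""
    version = json.loads(system_info_json)["lucene"]["solr-spec-version"]
    result = {
        "version": version,
        "affected_version": version_is_affected(version),
        "standalone": is_standalone(system_info_json),
        "core_create_exposed": core_create_exposed(security_json, trusted_roles),
    }
    result["at_risk"] = all(result[k] for k in ("affected_version", "standalone", "core_create_exposed"))
    return result

if __name__ == "__main__":
    print("weak    :", assess(SAMPLE_SYSTEM_INFO, WEAK_SECURITY_JSON))
    print("hardened:", assess(SAMPLE_SYSTEM_INFO, HARDENED_SECURITY_JSON))
```

Feed the functions the real /admin/info/system response and the live security.json (from ZooKeeper or SOLR_HOME) to get an answer for a specific instance; "at_risk" is true only when the version is in range, the node is standalone, and some role outside the trusted set can create cores.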

Detection Guidance

Review Solr request logs for CoreAdmin requests (path=/admin/cores) with action=CREATE, especially those from unexpected principals or carrying path-like parameters that point outside the allowPaths directories or at UNC paths (\\host\share). On Windows hosts, outbound SMB connections initiated by the Solr process are a strong indicator that a UNC path was resolved. Also audit security.json to confirm which roles hold "core-admin-edit", and alert on cores appearing that no administrator created.
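To make the log monitoring concrete, here is an added detection example in Python (not AppSecure's or Solr's code). It parses constructed Solr request-log lines written in the shape of Solr's default HttpSolrCall logging, keeps only CoreAdmin action=CREATE requests, and flags path-like parameters that name UNC paths, traverse upwards with "..", or are absolute paths outside a constructed allowPaths list. The advisory does not say which parameters are affected, so the parameter list and the allowed roots are assumptions.

```python
"""Detection example for CVE-2026-22444 (added here; not AppSecure's or Solr's code).

Scans Solr request-log lines for CoreAdmin CREATE requests whose path-like
parameters point outside the directories allowPaths is meant to permit. The
log lines and the allowed roots are CONSTRUCTED; the line layout follows
Solr's default HttpSolrCall / Request logging.
"""
import re
from urllib.parse import parse_qs

# ASSUMPTION: the advisory does not name the affected parameters; these are the
# CoreAdmin CREATE parameters that designate filesystem locations.
PATH_PARAMS = ("instanceDir", "dataDir", "ulogDir", "configSet", "config", "schema")

# What a deployment's allowPaths would permit (CONSTRUCTED).
ALLOWED_ROOTS = ("/var/solr/data", "/opt/solr/server/solr")

LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>\w+)\s+.*?"
    r"path=(?P<path>\S+) params=\{(?P<params>.*?)\}(?: hits=\d+)? status=(?P<status>\d+)"
)

# CONSTRUCTED request-log excerpt: one legitimate CREATE, two probes, two unrelated lines.
SAMPLE_LOG = """\
2026-01-21 10:15:32.417 INFO  (qtp1634198609-21) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={action=CREATE&name=products&instanceDir=products&configSet=_default} status=0 QTime=412
2026-01-21 10:16:01.003 INFO  (qtp1634198609-24) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={action=CREATE&name=probe1&instanceDir=..%2F..%2F..%2Fetc&configSet=_default} status=400 QTime=7
2026-01-21 10:16:09.550 INFO  (qtp1634198609-24) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={action=CREATE&name=probe2&instanceDir=probe2&configSet=%5C%5Cexample-host%5Cshare%5Cconf} status=400 QTime=5
2026-01-21 10:17:44.120 INFO  (qtp1634198609-19) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={action=RELOAD&core=products} status=0 QTime=88
2026-01-21 10:18:02.901 INFO  (qtp1634198609-22) [products] o.a.s.c.S.Request [products]  webapp=/solr path=/select params={q=*:*&rows=10} hits=3 status=0 QTime=2
"""

def parse_request_line(line: str):
    """Return {ts, path, params, status} for a request-log line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    # parse_qs undoes the %XX / '+' encoding, yielding the values Solr saw.
    return {
        "ts": m["ts"],
        "path": m["path"],
        "params": parse_qs(m["params"], keep_blank_values=True),
        "status": int(m["status"]),
    }

def _under_allowed_root(path: str) -> bool:
    return any(path == r or path.startswith(r.rstrip("/") + "/") for r in ALLOWED_ROOTS)

def classify_path(value: str):
    """Why `value` is suspicious for a path parameter, or None if it looks benign."""
    v = value.strip()
    if v.startswith("\\\\") or v.startswith("//"):
        return "UNC path (NTLM hash disclosure risk on Windows)"
    if re.search(r"(^|[\\/])\.\.([\\/]|$)", v):
        return "parent-directory traversal"
    is_absolute = v.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", v)
    if is_absolute and not _under_allowed_root(v):
        return "absolute path outside allowPaths"
    return None  # relative name resolved under SOLR_HOME, or inside an allowed root

def scan(lines):
    """Findings for CoreAdmin CREATE requests carrying suspicious path parameters."""
    findings = []
    for line in lines:
        req = parse_request_line(line)
        if not req or not req["path"].endswith("/admin/cores"):
            continue
        if "CREATE" not in [a.upper() for a in req["params"].get("action", [])]:
            continue
        core = req["params"].get("name", ["?"])[0]
        for param in PATH_PARAMS:
            for value in req["params"].get(param, []):
                reason = classify_path(value)
                if reason:
                    findings.append({"ts": req["ts"], "core": core, "param": param,
                                     "value": value, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} core={f['core']} {f['param']}={f['value']!r}: {f['reason']}")
```

On the sample the benign CREATE and the RELOAD and query lines produce nothing, while the two probes are reported: one for "..", traversal in instanceDir and one for a UNC value in configSet. Note that the probes are logged with status=400; a rejected request still tells you someone is testing the endpoint, which is why the scanner does not filter on status.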

AppSecure Threat Intelligence Insight

The root cause here is a path restriction (allowPaths) that was not enforced on every parameter that reaches the filesystem, combined with an administrative API being reachable by low-trust users. The practical lessons are that path allow-lists must be applied uniformly to every path-bearing parameter, that administrative endpoints such as core creation should be bound to trusted roles by default rather than left open, and that Windows deployments should not permit UNC paths without a specific need. Regular penetration testing and a vulnerability management program that tracks vendor advisories help surface exposures of this kind before they are exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
