CVE-2025-59060

CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Vendor Apache Software Foundation

Product Apache Ranger

Weakness CWE-297

Published March 3, 2026

Last update March 3, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Key dates

Disclosure timeline

March 3, 2026 CVE published

March 3, 2026 Record updated