Code Ape Tech Column

Nov 14, 2022 · Information Security

Nacos Permission Bypass Vulnerability and Its Fix

This article explains a permission‑bypass vulnerability in Nacos 1.4.2 caused by a specific User‑Agent header, demonstrates how to reproduce it, and provides step‑by‑step instructions for fixing the issue by upgrading to version 2.1.1 or adjusting configuration files.