Akamai
Products: 13
Recent CVEs: 19

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10157 | | Cri | 0.64 | 9.8 | 0.02 | | Jan 23, 2017 | Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code… |
| CVE-2025-24527 | | Hig | 0.52 | 8.0 | 0.00 | | Jan 29, 2025 | An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. |
| CVE-2025-53841 | | Hig | 0.51 | 7.8 | 0.00 | | Dec 3, 2025 | The GC-AGENTS-SERVICE running as part of Akamai's Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a… |
| CVE-2026-34354 | | Hig | 0.48 | 7.4 | 0.00 | | May 8, 2026 | Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU… |
| CVE-2025-52491 | | Med | 0.38 | 5.8 | 0.00 | | Jun 30, 2025 | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. |
| CVE-2025-49493 | | Med | 0.38 | 5.8 | 0.03 | | Jun 30, 2025 | Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. |
| CVE-2025-30143 | | Med | 0.35 | 5.4 | 0.00 | | Mar 17, 2025 | Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties. |
| CVE-2025-54568 | | Low | 0.24 | 3.7 | 0.00 | | Jul 25, 2025 | Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node. |
| CVE-2008-1770 | | | 0.04 | — | 0.10 | | Jun 4, 2008 | CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. |
| CVE-2007-6339 | | | 0.01 | — | 0.11 | | May 1, 2008 | The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." |
| CVE-2025-66373 | | | 0.00 | — | 0.00 | | Dec 4, 2025 | Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk… |
| CVE-2024-45164 | | | 0.00 | — | 0.00 | | Nov 4, 2024 | Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert… |
| CVE-2024-3930 | | | 0.00 | — | 0.00 | | Jul 30, 2024 | In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. |
| CVE-2024-5250 | | | 0.00 | — | 0.00 | | Jul 30, 2024 | In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations. |
| CVE-2024-5249 | | | 0.00 | — | 0.00 | | Jul 30, 2024 | In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. |
| CVE-2021-40683 | | | 0.00 | — | 0.00 | | Oct 4, 2021 | In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. |
| CVE-2019-18847 | | | 0.00 | — | 0.02 | | Aug 26, 2020 | Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. |
| CVE-2019-11011 | | | 0.00 | — | 0.03 | | Jun 21, 2019 | Akamai CloudTest before 58.30 allows remote code execution. |
| CVE-2009-2582 | | | 0.00 | — | 0.03 | | Jul 23, 2009 | Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and… |