CVE-2026-25903 — Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The — CVE Database · The Intelligence Room