Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway. an access control error vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1. An attacker could exploit this vulnerability to access the /plugin api without authentication, compromising system security.