Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: kestra Clear
ID Title
CVE-2026-55069 Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-49984 Path Traversal in kestra (CVE-2026-49984)
path traversal in kestra (CVE-2026-49984). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file`. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-53576 Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-53577 Authorization Flaw in kestra (CVE-2026-53577)
vulnerability in kestra (CVE-2026-53577). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file/preview`. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-45807 Path Traversal in kestra (CVE-2026-45807)
path traversal in kestra (CVE-2026-45807). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.43` or later.
CVE-2026-38428 SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →