Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis (OLAP) on top of Hadoop/Spark. Apache Kylin is vulnerable to permission and access control issues, which stem from the fact that Apache Kylin allows users to read data from other database systems using JDBC. An attacker could use this vulnerability to execute arbitrary code in the Kylin server process from a malicious MySQL server under the control of a hacker.