BIT-FLINK-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

SQL Injection

Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...

Prink: $K_s$-Anonymization for Streaming Data in Apache Flink

In this paper, we present Prink, a novel and practically applicable concept and fully implemented prototype for ks-anonymizing data streams in real-world application architectures. Building upon the pre-existing, yet rudimentary CASTLE scheme, Prink for the first time introduces semantics-aware...

Apache Flink 注入漏洞

Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...

POChouse

Based on the provided information, the vulnerability is a remote code execution RCE vulnerability in Apache Flink 1.9.x. The vulnerability allows an attacker to upload a malicious JAR package, which can be executed by the JobManager process, leading to RCE. The affected versions of Apache Flink a...

GHSA-6G88-99WJ-8MGG Command injection in Apache Flink

A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reportername.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind th...

VulnCheck KEV: CVE-2020-17519

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface...

Apache Flink Arbitrary File Read Vulnerability

Apache Flink is efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file read vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability to...

Apache Flink 路径遍历漏洞

Apache Flink is an efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file write vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability ...

Command Execution Vulnerability in Apache Flink Web Dashboard

Apache Flink is another emerging framework in the Big Data space. It is the use of streaming processing to simulate batch processing , and therefore can provide sub-second , consistent with Exactly-once semantics of real-time processing capabilities . A command execution vulnerability exists in...