CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...