206 matches found
CVE-2026-62393
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...
CVE-2026-62392
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...
CVE-2026-62393 Apache Kylin: Improper authorization in job information retrieval
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...
CVE-2026-62393
Apache Kylin CVE-2026-62393 involves improper authorization in job information retrieval, enabling access to unauthorized jobs across projects for versions 4–5.0.3. Root cause: insufficient permission checks during job info requests. Impact: potential exposure of job data across projects; CVSSv3....
CVE-2026-62393 Apache Kylin: Improper authorization in job information retrieval
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...
CVE-2026-62392
CVE-2026-62392 is an OS Command Injection vulnerability in Apache Kylin, affecting versions 4 through 5.0.3. The issue arises when the backend API may pass job configuration parameters to the OS command line, allowing potentially unauthorized command execution. The vulnerability is rated with hig...
CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...
CVE-2026-62390
Apache Kylin vulnerability CVE-2026-62390 is a SQL Injection flaw in the Catalog Cache Refresh API. Affected versions are 4 through 5.0.3; upgrading to 5.0.4 fixes the issue. The issue arises from improper neutralization of special elements in SQL commands used by the backend API that refreshes t...
PT-2026-57978
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An SQL Injection issue exists where improper neutralization of special elements used in an SQL command occurs. This happens when a backend API refreshes the table catalog, which may lead to the...
CVE-2021-31522
Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...
Server-Side Request Forgery (SSRF)
Apache Kylin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...
Files Or Directories Accessible To External Parties
Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...
Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)
Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. An information disclosure vulnerability exists in...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...
Authentication Bypass
Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...
Apache Kylin Authentication Bypass Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...
CVE-2025-61735
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
EUVD-2022-0453
Malicious code in bioql PyPI...