Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 8:54 p.m.7 views

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS5.8AI score0.00472EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:54 p.m.40 views

CVE-2026-53576 Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS0.00472EPSS
Exploits2References1
OSV
OSV
added 2026/06/26 8:54 p.m.3 views

CVE-2026-53576 Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS5.9AI score0.00472EPSS
Exploits2References3
CVE
CVE
added 2026/06/26 8:54 p.m.27 views

CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

10CVSS5.8AI score0.00472EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder