CVE-2026-35194
CVE-2026-35194 affects Apache Flink: code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via malicious SQL queries. Affected are Flink versions 1.15.0–1.20.x and 2.0.0–2.x, with JSON functions (1.15.0+) and LI...