4 matches found
CVE-2024-27348
CVE-2024-27348 (Apache HugeGraph-Server) is an improper access control vulnerability in the Gremlin interface that enables remote code execution. Affected: HugeGraph-Server versions from 1.0.0 up to (but not including) 1.3.0, running on Java 8 or Java 11. Root cause: insufficient access controls ...
CVE-2024-43441
Apache HugeGraph-Server
CVE-2024-27349
CVE-2024-27349 (Apache HugeGraph-Server) is an Authentication Bypass by Spoofing vulnerability affecting versions 1.0.0–1.0.x, up to but not including 1.3.0. The issue allows bypassing authentication (network access, no user interaction) and has high impact on confidentiality and integrity with a CVSS v3.1...
CVE-2025-26866
CVE-2025-26866 affects Apache HugeGraph-Server (HugeGraph-Server PD store) via insecure Hessian deserialization and RAFT-related manipulation, enabling remote code execution. Multiple sources describe a server-side deserialization vulnerability stemming from Hessian deserialization, with the miti...