VYPR

Flink

by Apache

Source repositories

CVEs (2)

  • CVE-2026-35194HigMay 15, 2026
    risk 0.46cvss 8.1epss 0.00

    Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions…

  • CVE-2026-40564MedMay 26, 2026
    risk 0.35cvss 6.5epss 0.00

    Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR…