VYPR advisory · Published Jun 22, 2026 · 1 source

Apache NiFi: Three CVEs Disclosed Together — Auth Bypass, SQLi, and Host-Header Injection


Key findings

  • Three CVEs disclosed together for Apache NiFi on June 22, 2026, affecting versions up to 2.9.0
  • CVE-2026-44911 (CVSS 8.8) lets read-only users invoke privileged configuration verification methods
  • CVE-2026-44913 (CVSS 7.5) enables SQL injection via unescaped table names in CaptureChangeMySQL
  • CVE-2026-54665 (CVSS 6.1) allows proxy host header injection for URL manipulation
  • All three flaws are fixed in Apache NiFi 2.10.0; no workarounds for the SQLi or host-header issues
  • No active exploitation reported as of disclosure date

Apache NiFi users were warned on June 22, 2026, about three distinct security flaws disclosed in a single advisory batch, affecting versions from the earliest 0.0.1 up to 2.9.0. The vulnerabilities span an authorization bypass in configuration verification, SQL injection via improperly escaped table names, and missing validation of proxy host headers — each with different attack surfaces but all carrying significant risk for organizations using the popular data-flow automation platform.

The most severe of the three, **CVE-2026-44911** (CVSS 8.8, High), stems from incorrect authorization handling for component configuration verification requests. In Apache NiFi 1.15.0 through 2.9.0, a client with only read access can submit proposed configuration properties that override the current configuration, effectively allowing the client to invoke predefined verification methods with attacker-controlled parameters. This means a low-privileged user could trigger unintended side effects — such as writing files, making network calls, or altering system state — that should require write or admin privileges.

**CVE-2026-44913** (CVSS 7.5, High) is an SQL injection vulnerability in the CaptureChangeMySQL Processor, present in NiFi 1.2.0 through 2.9.0. The processor fails to properly escape database table names when constructing SQL queries, enabling an attacker who can control table naming to inject arbitrary SQL commands. While manual quoted boundaries added in NiFi 1.8.0 narrowed the injection surface, they did not cover all injection strategies, leaving a path for crafted table names to execute unintended database operations.

The third flaw, **CVE-2026-54665** (CVSS 6.1, Medium), affects all NiFi versions from 0.0.1 through 2.9.0. The platform builds qualified URLs from HTTP request headers such as X-Forwarded-Host or Forwarded without validating the values provided. Although NiFi 1.6.0 introduced a configurable property to restrict values in the HTTP Host header, the proxy headers remained unvalidated. An attacker could supply a malicious header value to generate URLs pointing to arbitrary hosts, enabling phishing, cache poisoning, or server-side request forgery (SSRF) in downstream components that trust the constructed URLs.
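A defensive check in the spirit of the fix described above, written for this summary as an added example (it is not NiFi's code and makes no claim about how 2.10.0 implements its validation): both X-Forwarded-Host and RFC 7239 Forwarded values are parsed, checked for host syntax, and matched against a constructed allowlist before they may enter a generated URL; otherwise the locally configured host is used and the rejection reason is returned so it can be logged. The allowlist hostnames and the local host value are constructed sample values.

```python
import re
from urllib.parse import urlunsplit

# Constructed allowlist: the public host(:port) values a reverse proxy in front
# of the server is expected to present. Anything else is rejected.
ALLOWED_PROXY_HOSTS = {"nifi.example.com", "nifi.example.com:8443"}

# A bare host is a dotted name or a bracketed IPv6 literal, optionally with a
# port. Paths, query strings, schemes and userinfo all fail this check.
_HOST_RE = re.compile(
    r"^(?:[a-z0-9-]+(?:\.[a-z0-9-]+)*|\[[0-9a-f:.]+\])(?::\d{1,5})?$", re.I)


def parse_forwarded_host(forwarded: str):
    """Return the host= parameter of the first element of an RFC 7239
    Forwarded header (the element carrying the original Host), or None.
    Values may be double-quoted, e.g. host="nifi.example.com:8443"."""
    first = forwarded.split(",", 1)[0]
    for pair in first.split(";"):
        name, _, value = pair.strip().partition("=")
        if name.strip().lower() == "host":
            return value.strip().strip('"') or None
    return None


def effective_host(headers, local_host, allowed=ALLOWED_PROXY_HOSTS):
    """Choose the host for generated URLs. A proxy-supplied value is used only
    if it is syntactically a host AND on the allowlist; otherwise local_host.
    Returns (host, reason) so the caller can log rejected values."""
    h = {k.lower(): v for k, v in headers.items()}
    candidate = h.get("x-forwarded-host")
    if candidate is None and "forwarded" in h:
        candidate = parse_forwarded_host(h["forwarded"])
    if candidate is None:
        return local_host, "no-proxy-header"
    candidate = candidate.split(",", 1)[0].strip()  # X-Forwarded-Host may list hops
    if not _HOST_RE.match(candidate):
        return local_host, "malformed-proxy-host"
    if candidate.lower() not in allowed:
        return local_host, "proxy-host-not-allowed"
    return candidate, "proxy-host-accepted"


def build_url(headers, local_host, path="/nifi-api/", scheme="https"):
    """Build an absolute URL from the validated host rather than raw headers."""
    host, _ = effective_host(headers, local_host)
    return urlunsplit((scheme, host, path, "", ""))
```

Compare this with trusting the header directly: the `build_url` result for an unlisted X-Forwarded-Host is the local host, not the attacker-chosen one.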

Apache has not reported active exploitation of any of these CVEs in the wild as of the disclosure date. However, the authorization bypass in CVE-2026-44911 is particularly concerning because it requires only read-level access — a common baseline for monitoring and dashboard users — and can lead to arbitrary method invocation with system-level consequences.

All three vulnerabilities are addressed in Apache NiFi 2.10.0, released concurrently with the advisory. Users running any version from 0.0.1 through 2.9.0 are urged to upgrade immediately. For those unable to upgrade, the advisory recommends restricting network access to NiFi instances and auditing user permissions to ensure only trusted principals have read access to configuration verification endpoints. No workarounds are documented for the SQL injection or host-header validation issues.

This batch underscores a recurring theme in Apache NiFi's security posture: the platform's extensible processor architecture and flexible URL construction logic create multiple avenues for privilege escalation and injection. Organizations using NiFi for sensitive data pipelines should prioritize the 2.10.0 upgrade and review their access control models, particularly for users granted read-only roles on configuration verification components.

Synthesized by Vypr AI