
Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Node.js fixes 12 vulnerabilities in its June 2026 security release (CVE-2026-48933, CVE-2026-48618), among others rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 15h ago

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-cdc-mysql-processors

Published: 22 Jun 2026
Updated: 22 Jun 2026

CVSS v4.0: MEDIUM (5.2)
EPSS: Pending

KEV

Description

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not cover additional strategies. Apache NiFi installations that do not use the CaptureChangeMySQL Processor are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which incorporates more robust identifier escaping.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


Apache NiFi 2.10.0, out June 20, patches four separate weaknesses: CVE-2026-44914 (Restricted-component authorization bypass), CVE-2026-44913 (SQL injection via unescaped table names in CaptureChangeMySQL), CVE-2026-54665 (unvalidated proxy host headers enabling crafted redirects), and CVE-2026-44911 (read-only users submitting config verification requests). Which of the four worries you most for your deployment?
#security #opensource

  • 4h ago

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-jetty

Published: 22 Jun 2026
Updated: 22 Jun 2026

CVSS v4.0: MEDIUM (6.3)
EPSS: Pending

KEV

Description

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in the HTTP Host header, but did not apply the validation to alternative Proxy and Forwarded headers. The absence of proxy host header validation allowed a client to instruct Apache NiFi web services to construct invalid qualified URLs for redirection or data references. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which implements validation for the X-ProxyHost and X-Forwarded-Host HTTP request headers based on the nifi.web.proxy.host property. Enabling header validation requires configuring the application with HTTPS. Reverse proxy servers in front of Apache NiFi are responsible for filtering input request headers and providing allowed values to the application.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


Apache NiFi 2.10.0, out June 20, patches four separate weaknesses: CVE-2026-44914 (Restricted-component authorization bypass), CVE-2026-44913 (SQL injection via unescaped table names in CaptureChangeMySQL), CVE-2026-54665 (unvalidated proxy host headers enabling crafted redirects), and CVE-2026-44911 (read-only users submitting config verification requests). Which of the four worries you most for your deployment?
#security #opensource

  • 4h ago

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-web-api

Published: 22 Jun 2026
Updated: 22 Jun 2026

CVSS v4.0: LOW (2.3)
EPSS: Pending

KEV

Description

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined verification methods with alternative settings. Apache NiFi installations that do not implement different levels of authorization for viewing and modifying component configuration are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, requiring write access to submit configuration verification requests.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


Apache NiFi 2.10.0, out June 20, patches four separate weaknesses: CVE-2026-44914 (Restricted-component authorization bypass), CVE-2026-44913 (SQL injection via unescaped table names in CaptureChangeMySQL), CVE-2026-54665 (unvalidated proxy host headers enabling crafted redirects), and CVE-2026-44911 (read-only users submitting config verification requests). Which of the four worries you most for your deployment?
#security #opensource

  • 4h ago