Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Network-reachable auth bypass with no privileges or interaction (AV:N/AC:L/PR:N/UI:N); container-to-host pivot via Docker socket is a scope change (S:C) with full C/I/A loss.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresses its resources by URL path segments that the caller chooses (/api/v1/{tenant}/flows/{namespace}, /api/v1/{tenant}/executions/{namespace}/{id}, /api/v1/{tenant}/namespaces/{namespace}/kv/{key}). An anonymous caller picks the literal configs as the final segment, and the request bypasses Basic-Auth entirely. Because the bypass reaches the flow-create and execution-trigger routes, an unauthenticated caller creates a flow containing a Shell or Process task and runs it. The task executes as root inside the kestra container. The official docker-compose.yml mounts /var/run/docker.sock, so root in the container reaches the host Docker daemon. This vulnerability is fixed in 1.0.45 and 1.3.21.
AnalysisAI
Unauthenticated remote code execution in Kestra orchestration platform before 1.0.45 and 1.3.21 lets anonymous attackers fully compromise the host. The REST API authentication filter treats any request path ending in /configs as the public instance-config endpoint, so an attacker appending the literal segment configs (e.g. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only that the Kestra REST API (/api/v1/**) be network-reachable by the attacker and that the instance run a version prior to 1.0.45 or 1.3.21; the attacker simply chooses the literal final path segment configs to satisfy the flawed public-endpoint check (the auth filter forwards any path ending in /configs without credentials). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a genuine top-priority issue, not a high-CVSS-but-low-real-risk case. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker scanning for exposed Kestra instances sends an unauthenticated HTTP request to a flow-create route crafted so the path ends in the literal segment configs, bypassing Basic-Auth, and registers a flow containing a Shell task. They then trigger execution via the similarly bypassed execution route, and the task runs as root inside the container; because the official compose file mounts the Docker socket, the attacker issues Docker API calls to spawn a privileged container and take over the host. … |
| Remediation | Vendor-released patch: upgrade to Kestra 1.0.45 (for the 1.0.x line) or 1.3.21 (for the 1.3.x line), per the advisory at https://github.com/kestra-io/kestra/security/advisories/GHSA-2q47-568g-9h4f. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Kestra instances and verify versions (check for <1.0.45 in 1.0.x or <1.3.21 in 1.3.x branches); restrict network access to REST API endpoints. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39919