EUVD-2026-28593
Missing Authorization (CWE-862)
2026-04-24
GHSA-2j9m-25xv-mp6r
GHSA-2j9m-25xv-mp6r
7.5
CVSS 4.0 · NVD
Share
Severity by source
NVD
PRIMARY
7.5
HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:L/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:L/U:Green
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X
Lifecycle Timeline
4
Analysis Generated
May 08, 2026 - 14:23 vuln.today
CVSS changed
May 08, 2026 - 14:22 NVD
7.5 (HIGH)
CVE Published
Apr 24, 2026 - 12:21 nvd
N/A
CVE Published
Apr 24, 2026 - 12:21 nvd
HIGH 7.5
Description PRE-NVD
Disclosed via oss-security. NVD scoring and full description are pending.
AnalysisAI
Apache NiFi TinkerpopClientService allows authenticated high-privilege users to execute arbitrary code without proper permission validation. The service fails to enforce required Execute Code permissions, enabling privilege escalation within the NiFi environment. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Recon
Compromise NiFi admin credentials
Delivery
Authenticate to NiFi interface
Exploit
Access TinkerpopClientService
Install
Submit malicious Gremlin query
C2
Bypass Execute Code permission check
Execute
Execute arbitrary code in NiFi JVM
Impact
Access dataflow secrets or pivot to connected systems
Recon
Compromise NiFi admin credentials
Delivery
Authenticate to NiFi interface
Exploit
Access TinkerpopClientService
Install
Submit malicious Gremlin query
C2
Bypass Execute Code permission check
Execute
Execute arbitrary code in NiFi JVM
Impact
Access dataflow secrets or pivot to connected systems
Vulnerability AssessmentAI
| Exploitation | Requires authenticated access with high-privilege NiFi administrative role (PR:H from CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate despite the 7.5 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated NiFi administrator or an attacker who has compromised high-privilege NiFi credentials accesses the TinkerpopClientService configuration interface. The attacker crafts a malicious Gremlin graph traversal query containing embedded code execution payloads (such as Java deserialization gadgets or script engine invocations). … |
| Remediation | Monitor the official Apache NiFi security mailing list thread at https://lists.apache.org/thread/gh9g7xwvv4l20gzff6q3367snf35ctcb for vendor-released patch version information, which has not been disclosed in the initial April 13, 2026 oss-security announcement. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Apache NiFi instances running TinkerpopClientService and inventory administrative user accounts with code execution privileges. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).