Skip to main content

Apache Flink Kubernetes Operator EUVDEUVD-2026-31846

| CVE-2026-40564 MEDIUM
Files or Directories Accessible to External Parties (CWE-552)
2026-05-26 apache GHSA-rj6x-mg28-wf4x
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jun 01, 2026 - 14:23 vuln.today
CVSS changed
Jun 01, 2026 - 14:22 NVD
6.5 (MEDIUM)
Patch available
May 26, 2026 - 17:02 EUVD
CVE Published
May 26, 2026 - 14:38 nvd
MEDIUM 6.5
CVE Published
May 26, 2026 - 14:38 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.

The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0.

Users are recommended to upgrade to version 1.15.0, which fixes the issue.

AnalysisAI

Unvalidated jarURI handling in Apache Flink Kubernetes Operator exposes authenticated low-privilege users to server-side request forgery and arbitrary file read primitives against the operator pod. Any Kubernetes principal holding Custom Resource create permissions can submit a malicious FlinkSessionJob CR with a crafted jarURI - pointing to local filesystem paths, internal cloud metadata endpoints, link-local addresses, or any backing store reachable through Flink's pluggable filesystem layer - and retrieve that content via the submitted job. No public exploit has been identified at time of analysis, and EPSS sits at 0.01% (3rd percentile), but the confidentiality impact is rated High by NVD given the breadth of accessible internal resources.

Technical ContextAI

Apache Flink Kubernetes Operator (CPE: cpe:2.3:a:apache_software_foundation:apache_flink_kubernetes_operator) manages Flink workloads on Kubernetes through Custom Resource Definitions (CRDs), including FlinkSessionJob. The jarURI field in FlinkSessionJob CRs instructs the operator to fetch a JAR artifact before scheduling execution. Because Flink exposes a pluggable filesystem abstraction, the URI can resolve against local file paths, object storage backends (S3, HDFS, GCS), or HTTP/HTTPS endpoints. The root cause class is CWE-552 (Files or Directories Accessible to External Parties): the operator performs no ownership validation, no URI scheme allowlist, no hostname or IP-range restriction, and no protection against RFC 1918 or link-local (169.254.x.x) addresses for HTTP-scheme URIs. This dual nature - filesystem traversal plus SSRF - is what elevates the practical impact beyond a single vulnerability class.

RemediationAI

Vendor-released patch: Apache Flink Kubernetes Operator 1.15.0, which introduces jarURI validation. Upgrade immediately following the Apache advisory at https://lists.apache.org/thread/jvxs2kh2o60sl7qkl5nss4r5phzfl4cz. If immediate upgrade is not possible, restrict Kubernetes RBAC so that only fully trusted principals (dedicated operator service accounts, not developer or CI namespaces) hold create/update permissions on FlinkSessionJob CRs - this directly removes the prerequisite for exploitation and is the most impactful compensating control. Additionally, apply Kubernetes NetworkPolicy to prevent the operator pod from initiating outbound connections to RFC 1918 ranges, link-local addresses (169.254.0.0/16), and the cluster's internal API server CIDR, which limits SSRF reach even if an attacker submits a malicious URI; note that this does not prevent local filesystem reads. Pod Security Admission or OPA/Gatekeeper policies can be used to reject FlinkSessionJob resources with non-allowlisted URI schemes as an additional layer.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

EUVD-2026-31846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy