ZDI-CAN-28215
HIGH 7.7
Overdue
Oct 29, 2025
Airbyte
Airbyte is a popular open-source data integration platform that allows users to sync data between various sources and destinations. This high-severity vulnerability requires authenticated network access and could allow an authenticated attacker to gain unauthorized access to confidential information across connected systems without modifying data or disrupting availability. Security teams should monitor for suspicious activity from authenticated Airbyte users and prioritize applying patches once the vendor releases fixes by the February 2026 deadline.
Advisory Details
Researcher
Discovered by:
Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative
Reported
October 29, 2025
Deadline
February 26, 2026
49d overdue
CVSS Vector
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N