- EPSS 0.16%
- Veröffentlicht 03.04.2026 22:39:31
- Zuletzt bearbeitet 13.04.2026 17:36:59
Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/v1/...
CVE-2026-33664
- EPSS 0.05%
- Veröffentlicht 26.03.2026 21:13:12
- Zuletzt bearbeitet 31.03.2026 01:48:34
Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs[].displayName, inputs[].description — through the Markdown.vue component instantiate...
CVE-2026-29082
- EPSS 0.05%
- Veröffentlicht 06.03.2026 16:33:31
- Zuletzt bearbeitet 10.03.2026 21:00:33
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html with...