Apache Kylin: Improper authorization in job information retrieval
Summary
| CVE | CVE-2026-62393 |
|---|---|
| State | PUBLISHED |
| Assigner | apache |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 13:19:08 UTC |
| Updated | 2026-07-14 16:55:49 UTC |
| Description | Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which fixes the issue. |
Risk And Classification
Primary CVSS: v3.1 4.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Problem Types: CWE-280 | CWE-280 CWE-280 Improper Handling of Insufficient Permissions or Privileges
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Apache Software Foundation | Apache Kylin | affected 4 5.0.3 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.openwall.com/lists/oss-security/2026/07/14/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j | [email protected] | lists.apache.org | Mailing List, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
There are currently no legacy QID mappings associated with this CVE.