{"api_version":"1","generated_at":"2026-07-14T17:42:55+00:00","cve":"CVE-2026-62393","urls":{"html":"https://cve.report/CVE-2026-62393","api":"https://cve.report/api/cve/CVE-2026-62393.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-62393","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-62393"},"summary":{"title":"Apache Kylin: Improper authorization in job information retrieval","description":"Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\n\nThis issue affects Apache Kylin: from 4 through 5.0.3.\n\nUsers are recommended to upgrade to version 5.0.4, which fixes the issue.","state":"PUBLISHED","assigner":"apache","published_at":"2026-07-14 13:19:08","updated_at":"2026-07-14 16:55:49"},"problem_types":["CWE-280","CWE-280 CWE-280 Improper Handling of Insufficient Permissions or Privileges"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/07/14/6","name":"http://www.openwall.com/lists/oss-security/2026/07/14/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j","name":"https://lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j","refsource":"security@apache.org","tags":["Mailing List","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-62393","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-62393","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Kylin","version":"affected 4 5.0.3 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Yicheng <yyc2569580673@gmail.com>","lang":"en"},{"source":"CNA","value":"Haoran Zhao","lang":"en"},{"source":"CNA","value":"Lei Zhang","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"62393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"kylin","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-07-14T12:31:59.175Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/07/14/6"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache Kylin","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"5.0.3","status":"affected","version":"4","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Yicheng <yyc2569580673@gmail.com>"},{"lang":"en","type":"finder","value":"Haoran Zhao"},{"lang":"en","type":"finder","value":"Lei Zhang"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin.&nbsp;Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.</p><p>This issue affects Apache Kylin: from 4 through 5.0.3.</p><p>Users are recommended to upgrade to version 5.0.4, which fixes the issue.</p>"}],"value":"Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\n\nThis issue affects Apache Kylin: from 4 through 5.0.3.\n\nUsers are recommended to upgrade to version 5.0.4, which fixes the issue."}],"metrics":[{"other":{"content":{"text":"important"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-280","description":"CWE-280 Improper Handling of Insufficient Permissions or Privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T12:19:27.705Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j"}],"source":{"defect":["KYLIN-6090"],"discovery":"UNKNOWN"},"title":"Apache Kylin: Improper authorization in job information retrieval","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2026-62393","datePublished":"2026-07-14T12:19:27.705Z","dateReserved":"2026-07-14T03:33:13.944Z","dateUpdated":"2026-07-14T12:31:59.175Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 13:19:08","lastModifiedDate":"2026-07-14 16:55:49","problem_types":["CWE-280","CWE-280 CWE-280 Improper Handling of Insufficient Permissions or Privileges"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"D231A8C1-6E4E-4BB6-8581-74B9A44868B0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"62393","Ordinal":"1","Title":"Apache Kylin: Improper authorization in job information retrieva","CVE":"CVE-2026-62393","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"62393","Ordinal":"1","NoteData":"Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\n\nThis issue affects Apache Kylin: from 4 through 5.0.3.\n\nUsers are recommended to upgrade to version 5.0.4, which fixes the issue.","Type":"Description","Title":"Apache Kylin: Improper authorization in job information retrieva"}]}}}