Known Vulnerabilities for Apache Storm UI by Apache Software Foundation
Listed below are 4 of the newest known vulnerabilities associated with "Apache Storm UI" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41081 json | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Af... | Not Provided | 2026-04-27 | 2026-04-27 |
| CVE-2026-40557 json | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: fro... | Not Provided | 2026-04-27 | 2026-04-30 |
| CVE-2026-35565 json | Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 De... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-35337 json | Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When proces... | Not Provided | 2026-04-13 | 2026-04-14 |