Known Vulnerabilities for Atlas by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Atlas" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-57357 json | Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2026-40563 json | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a D... | Not Provided | 2026-05-04 | 2026-05-06 |
| CVE-2026-11326 json | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site script... | Not Provided | 2026-06-05 | 2026-06-05 |
| CVE-2026-8063 json | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resol... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2025-62198 json | An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to... | Not Provided | 2026-06-22 | 2026-06-22 |
| CVE-2025-60639 json | Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26). | Not Provided | 2025-10-16 | 2026-07-04 |
| CVE-2025-58019 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Group Sear... | Not Provided | 2025-09-22 | 2026-04-23 |
| CVE-2025-22509 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW... | Not Provided | 2026-01-08 | 2026-04-27 |
| CVE-2025-7708 json | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows... | Not Provided | 2026-02-09 | 2026-06-05 |
| CVE-2024-52472 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weather Atlas Weather A... | Not Provided | 2024-11-20 | 2026-04-23 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Atlas | 2.1.0 | |||
| Application | Apache | Atlas | 2.1.0 | |||
| Application | Apache | Atlas | 2.1.0 | |||
| Application | Apache | Atlas | 2.1.0 | |||
| Application | Apache | Atlas | 2.1.0 | |||
| Application | Apache | Atlas | 2.0.0 | |||
| Application | Apache | Atlas | 2.0.0 | |||
| Application | Apache | Atlas | 2.0.0 | |||
| Application | Apache | Atlas | 1.2.0 | |||
| Application | Apache | Atlas | 1.2.0 | |||
| Application | Apache | Atlas | 1.2.0 | |||
| Application | Apache | Atlas | 1.2.0 | |||
| Application | Apache | Atlas | 1.1.0 | |||
| Application | Apache | Atlas | 1.1.0 | |||
| Application | Apache | Atlas | 1.1.0 | |||
| Application | Apache | Atlas | 1.1.0 | |||
| Application | Apache | Atlas | 1.0.0 | |||
| Application | Apache | Atlas | 1.0.0 | |||
| Application | Apache | Atlas | 1.0.0 | |||
| Application | Apache | Atlas | 1.0.0 |