In Grafana versions 8.0.1 through 12.3.0 a high severity vulnerability CVE-2025-12141 was detected. This vulnerability allows attackers with Editor permissions to edit contact points created by other users and modify endpoint URLs to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services like Slack tokens. To address this issue users must upgrade to version 12.3.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12141.
Read more Data AnalyticsIn Apache Kafka versions 4.1.0 and 4.1.1 a critical severity vulnerability CVE-2026-33557 was detected. This vulnerability allows attackers to bypass authentication and impersonate any user by providing an unvalidated JWT token, as the default validator fails to check signatures, issuers, or audiences. To address this issue users must upgrade to version 4.1.2, 4.2.0, or later, or explicitly set the validator class to BrokerJwtValidator. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33557.
Read more Data AnalyticsIn Apache Kafka versions up to 3.9.1 and 4.0.0 a medium severity vulnerability CVE-2026-33558 was detected. This vulnerability allows attackers to access sensitive information, including authentication credentials and delegation tokens, because the NetworkClient component outputs entire requests and responses—such as SaslAuthenticate and AlterConfigs—when the DEBUG log level is enabled. To address this issue users must upgrade to version 3.9.2, 4.0.1, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33558.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 before 3.2.0 low severity vulnerability CVE-2026-32228 was detected. This vulnerability allows attackers with asset materialization permissions to trigger DAGs they otherwise had no access to via the UI or API. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32228.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 before 3.2.0 high severity vulnerability CVE-2026-31987 was detected. This vulnerability allows attackers with UI access to view JWT tokens exposed in task logs, potentially enabling them to impersonate DAG authors and perform unauthorized actions. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-31987.
Read more Data AnalyticsIn Grafana versions prior to 11.6.11, 12.0.9, 12.1.6, and 12.2.4 low severity vulnerability CVE-2026-21727 was detected. This vulnerability allows attackers with datasource management privileges to read and permanently delete legacy correlation data belonging to other organizations due to improper isolation of legacy records with org_id=0. To address this issue users must upgrade to 11.6.11, 12.0.9, 12.1.6, or 12.2.4 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21727.
Read more Data Analyticsp>In Apache Airflow versions 3.0.0 before 3.2.0 a medium severity vulnerability CVE-2026-32690 was detected. This vulnerability allows attackers to bypass secret redaction and view sensitive values stored in JSON dictionaries, as nested fields were not properly masked when retrieved with specific depth settings. To address this issue, users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32690.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 before 3.2.0 medium severity vulnerability CVE-2025-57735 was detected. This vulnerability allows attackers to reuse a JWT token that was not properly invalidated after a user logged out, provided the token was intercepted. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57735.
Read more Data AnalyticsIn Apache Airflow versions prior to 3.2.0 low severity vulnerability CVE-2025-54550 was detected. This vulnerability allows attackers to perform arbitrary execution of code on the worker if a UI user with XCom modification access exploits an unsafe reading pattern based on documentation examples. To address this issue users must upgrade to 3.2.0 version documentation standards and adjust their implementations accordingly. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54550.
Read more Data Analytics