A medium-severity vulnerability, CVE-2026-32588, was detected in Apache Cassandra versions 4.0, 4.1, and 5.0. This vulnerability allows attackers to raise query latencies and cause a Denial of Service (DoS) via repeated password changes using the ALTER ROLE command. To address this issue, users must upgrade to version 4.0.20, 4.1.11, or 5.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32588.
A medium-severity vulnerability, CVE-2026-27315, was detected in Apache Cassandra versions 4.0. This vulnerability allows attackers to access sensitive information, such as cleartext passwords, by reading the cqlsh_history local file if they have access to the user’s home directory. To address this issue, users must upgrade to version 4.0.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27315.
A high-severity vulnerability, CVE-2026-27314, was detected in Apache Cassandra versions 5.0. This vulnerability allows attackers with CREATE permissions to use the ADD IDENTITY command to associate their certificate identity with an arbitrary role, including superuser roles, and authenticate as that role. To address this issue, users must upgrade to version 5.0.7+. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27314.
A low-severity vulnerability, CVE-2026-33858, was detected in Apache Airflow versions 3.1.8 before 3.2.0. This vulnerability allows attackers (specifically DAG Authors) to execute arbitrary code in the webserver context by crafting malicious XCom payloads that bypass legacy serialization key protections. To address this issue, users must upgrade to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33858.
A medium-severity vulnerability, CVE-2025-57735, was detected in Apache Airflow versions 3.0.0 before 3.2.0. This vulnerability allows attackers to reuse intercepted JWT tokens because the system failed to invalidate them after a user logged out. To address this issue, users must upgrade to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57735.
A medium-severity vulnerability, CVE-2025-66236, was detected in Apache Airflow versions prior to 3.2.0. This vulnerability allows attackers to view secrets from the Airflow configuration file, which were logged in plain text in the DAG run logs UI because of insufficient security model clarity and workload isolation. To address this issue, users must upgrade to version 3.2.0 and follow the updated security model guidelines. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66236.
A high-severity vulnerability, CVE-2026-25742, was detected in Zulip versions 1.4.0 to before 11.6. This vulnerability allows attackers to anonymously retrieve attachments originating from web-public streams and access topic history via the /users/me/<stream_id>/topics endpoint, even after spectator access has been disabled. To address this issue, users must upgrade to version 11.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25742.
A high-severity vulnerability, CVE-2026-34538, was detected in Apache Airflow versions 3.0.0 through 3.1.8. This vulnerability allows attackers with low-privilege access (such as the Viewer role) to bypass authorization and retrieve sensitive XCom result values via the DagRun wait endpoint, which should be restricted under the FAB RBAC model. To address this issue, users must upgrade to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34538.
A high-severity vulnerability, CVE-2026-21388, was detected in Mattermost Plugins versions <=2.3.1. This vulnerability allows authenticated attackers to cause memory exhaustion and denial of service by sending an oversized JSON payload to the /lifecycle webhook endpoint. To address this issue, users must upgrade to version 2.3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21388.