In Apache Cassandra versions 4.0 medium severity vulnerability CVE-2026-27315 was detected. This vulnerability allows attackers to access sensitive information, such as cleartext passwords, by reading the cqlsh_history local file if they have access to the user’s home directory. To address this issue users must upgrade to 4.0.20 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27315.
Read more DatabaseIn Apache Cassandra versions 5.0 high severity vulnerability CVE-2026-27314 was detected. This vulnerability allows attackers with CREATE permissions to associate their certificate identity with an arbitrary role, including superuser roles, and authenticate as that role via the ADD IDENTITY command. To address this issue users must upgrade to 5.0.7+ version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27314.
Read more DatabaseIn Zulip versions 1.4.0 to before 11.6 high severity vulnerability CVE-2026-25742 was detected. This vulnerability allows attackers to retrieve attachments originating from web-public streams and access topic history via the /users/me/<stream_id>/topics endpoint anonymously, even after spectator access has been disabled. To address this issue users must upgrade to 11.6 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25742.
Read more CommunicationIn Apache Airflow versions 3.0.0 through 3.1.8 high severity vulnerability CVE-2026-34538 was detected. This vulnerability allows attackers with low-privilege access (such as the Viewer role) to bypass authorization and retrieve sensitive XCom result values via the DagRun wait endpoint, which should be restricted under the FAB RBAC model. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34538.
Read more Data AnalyticsIn Apache Airflow versions 3.1.8 before 3.2.0 low severity vulnerability CVE-2026-33858 was detected. This vulnerability allows attackers (specifically DAG Authors) to execute arbitrary code in the webserver context by crafting malicious XCom payloads that bypass legacy serialization key protections. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33858.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 before 3.2.0 medium severity vulnerability CVE-2025-57735 was detected. This vulnerability allows attackers to reuse intercepted JWT tokens because the system failed to invalidate them after a user logged out. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57735.
Read more Data AnalyticsIn Apache Airflow versions prior to 3.2.0 medium severity vulnerability CVE-2025-66236 was detected. This vulnerability allows attackers to view secrets from the Airflow configuration file which were logged in plain text within the DAG run logs UI due to insufficient security model clarity and workload isolation. To address this issue users must upgrade to 3.2.0 version and follow the updated security model guidelines. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66236.
Read more Data AnalyticsIn Mattermost Plugins versions <=2.3.1 high severity vulnerability CVE-2026-21388 was detected. This vulnerability allows authenticated attackers to cause memory exhaustion and denial of service via sending an oversized JSON payload to the /lifecycle webhook endpoint. To address this issue users must upgrade to 2.3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-21388.
Read more CommunicationIn Mattermost Plugin Legal Hold versions <=1.4.1 high severity vulnerability CVE-2026-3524 was detected. This vulnerability allows authenticated attackers to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints due to a failure to halt request processing after a failed authorization check. To address this issue users must upgrade to 1.1.5.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3524.
Read more Communication