CVE-2026-40564— Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Flink Kubernetes Operator | 1.3.0< 1.15.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40564
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Source: NVD (National Vulnerability Database)
Vulnerability Description
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0. Users are recommended to upgrade to version 1.15.0, which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对外部实体的文件或目录可访问
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Flink Kubernetes Operator 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Flink Kubernetes Operator是美国阿帕奇(Apache)基金会的一个Flink集群运维组件。 Apache Flink Kubernetes Operator 1.3.0版本至1.15.0之前版本存在安全漏洞,该漏洞源于FlinkSessionJob的jarURI未经验证,可能导致具有CR创建权限的用户读取操作员pod文件系统中的文件,并从任何可访问的后端存储拉取内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Flink Kubernetes Operator | 1.3.0 ~ 1.15.0 | - |
II. Public POCs for CVE-2026-40564
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40564
请登录查看更多情报信息。
Mailing List Discussions for CVE-2026-40564 (1)
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-46718
Apache Calcite: A user-controled model can load arbitrary cl - CVE-2026-41115
Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCR - CVE-2026-49328
Apache Fesod (Incubating): Improper validation of user-suppl - CVE-2026-48827
Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git - CVE-2026-44825
Apache Solr: Enabling BasicAuth using bin/solr CLI configure
Same weakness: CWE-552
V. Comments for CVE-2026-40564
No comments yet