Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
| CVE-2026-53576 | 10.0 CRITICAL | Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass |
| CVE-2026-49869 | 10.0 CRITICAL | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `Authentication |
| CVE-2026-45807 | 7.7 HIGH | Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints |
| CVE-2026-49984 | 7.7 HIGH | Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary s |
| CVE-2026-53577 | 6.5 MEDIUM | Kestra: Cross-Execution File Read via Preview Endpoint (IDOR) |
No comments yet