Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Apache NiFi — Vulnerabilities & Security Advisories 47

All 47 CVE vulnerabilities found in Apache NiFi, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the Apache NiFi product, focusing on common weakness classifications. It collects data regarding security flaws, configuration errors, and implementation bugs that affect the Apache NiFi data integration platform. The content covers historical records spanning from the initial public releases of the software up to the most recently disclosed incidents, providing a comprehensive timeline of security events. Users can discover detailed insights into how Apache Software Foundation has historically addressed threats within this specific software ecosystem. The repository allows administrators and security analysts to track vendor advisories as they are published, offering context on remediation efforts and timeline transparency. Furthermore, visitors can understand the nature of specific weakness classes, such as improper input validation or insecure default configurations, by examining their real-world manifestation in this application. The page also serves as a lookup tool for a product's vulnerability history, enabling teams to assess long-term security hygiene and compare current risk postures against past incidents. By centralizing these disparate data points, the resource supports informed decision-making for patch management and architectural hardening. This approach helps technical stakeholders evaluate the maturity of security controls over time without relying on fragmented external sources. The aggregation simplifies the process of auditing compliance requirements related to known issues in Apache NiFi deployments. Ultimately, it provides a structured view of the product's security landscape for defenders and developers alike.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents CWE-862--2026-06-22
CVE-2026-44911 Apache NiFi: Incorrect Authorization for Configuration Verification Requests CWE-863--2026-06-22
CVE-2026-44913 Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL CWE-116--2026-06-22
CVE-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers CWE-346--2026-06-22
CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService CWE-862 8.8AIHighAI2026-05-08
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates CWE-862 6.5AIMediumAI2026-02-17
CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor CWE-502 7.5AIHighAI2025-12-19
CVE-2025-27017 Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record CWE-538 6.5 -2025-03-12
CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References CWE-638 6.5 -2024-12-28
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log CWE-532 4.9AIMediumAI2024-11-21
CVE-2024-45477 Apache NiFi: Improper Neutralization of Input in Parameter Description CWE-79 4.6 Medium2024-10-29
CVE-2024-37389 Apache NiFi: Improper Neutralization of Input in Parameter Context Description CWE-79 4.6 Medium2024-07-08
CVE-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt CWE-79 7.9 High2023-11-27
CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs CWE-184 8.1 -2023-08-18
CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources CWE-94 8.8 -2023-07-29
CVE-2023-34212 Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components CWE-502 8.8 -2023-06-12
CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2 CWE-94 8.8 -2023-06-12
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes CWE-611 7.5 -2023-02-10
CVE-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider CWE-78 8.8 -2022-06-15
CVE-2022-29265 Improper Restriction of XML External Entity References in Multiple Components CWE-611 7.5 -2022-04-30
CVE-2022-26850 Insufficiently protected credentials 4.3 -2022-04-06
CVE-2021-44145 Apache NiFi information disclosure by XXE 6.5 -2021-12-17
CVE-2020-9491 Apache NiFi 加密问题漏洞 7.5 -2020-10-01
CVE-2020-13940 Apache NiFi 代码问题漏洞 5.5 -2020-10-01
CVE-2020-9487 Apache NiFi 访问控制错误漏洞 7.5 -2020-10-01
CVE-2020-9486 Apache NiFi 日志信息泄露漏洞 7.5 -2020-10-01
CVE-2020-1942 Apache NiFi 信息泄露漏洞 7.5 -2020-02-11
CVE-2020-1933 Apache NiFi 跨站脚本漏洞 6.1 -2020-01-28
CVE-2020-1928 Apache NiFi 日志信息泄露漏洞 7.5 -2020-01-28
CVE-2019-10083 Apache NiFi 信息泄露漏洞 4.3 -2019-11-19

All 47 known CVE vulnerabilities affecting Apache NiFi with full Chinese analysis, references, and POCs where available.