Browse all 4 CVE security advisories affecting lf-edge. AI-powered Chinese analysis, POCs, and references for each vulnerability.
lf-edge develops open-source edge computing frameworks focused on distributed workloads and device management. Historically, the project has been susceptible to remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from improper input validation and access control weaknesses. While no major public security incidents have been widely documented, the presence of four CVEs indicates ongoing security challenges. The project's distributed architecture and broad integration scope create multiple attack surfaces, particularly in authentication mechanisms and inter-component communication channels, requiring continuous security hardening to maintain operational integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54379 | eKuiper API endpoints handling SQL queries with user-controlled table names. — ekuiperCWE-89 | 9.8 | - | 2025-07-24 |
| CVE-2024-52290 | Stored XSS in Configuration Key Functionality — ekuiperCWE-79 | 6.3 | Medium | 2025-05-14 |
| CVE-2024-52812 | LF Edge eKuiper has Stored XSS in Rules Functionality — ekuiperCWE-79 | 5.4 | Medium | 2025-03-10 |
| CVE-2024-43406 | LF Edge eKuiper has a SQL Injection in sqlKvStore — ekuiperCWE-89 | 8.8 | High | 2024-08-20 |
This page lists every published CVE security advisory associated with lf-edge. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.