Apache Kylin Vulnerabilities

Server-Side Request Forgery Vulnerability in Apache Kylin by Apache

CVE-2025-61735

ApacheApache Kylin7.3HIGH

Authentication Bypass Vulnerability in Apache Kylin Affects Users

CVE-2025-61733

ApacheApache Kylin7.5HIGH

Files Accessible to External Parties in Apache Kylin by Apache

CVE-2025-61734

ApacheApache Kylin7.5HIGH

Code Injection Vulnerability in Apache Kylin

CVE-2025-30067

ApacheApache Kylin7.2HIGH

Server-Side Request Forgery in Apache Kylin by The Apache Software Foundation

CVE-2024-48944

ApacheApache Kylin6.5MEDIUM

Session Fixation vulnerability in Apache Kylin

CVE-2024-23590

ApacheApache Kylin

Apache Kylin: Insufficiently protected credentials in config file

CVE-2023-29055

ApacheApache Kylin7.5HIGH

Apache Kylin: Command injection by Diagnosis Controller

CVE-2022-44621

ApacheApache Kylin9.8CRITICAL

Apache Kylin: Command injection by Useless configuration

CVE-2022-43396

ApacheApache Kylin8.8HIGH

Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters

CVE-2022-24697

ApacheApache KylinEPSS 41%9.8CRITICAL

Hardcoded credentials

CVE-2021-45458

ApacheApache Kylin7.5HIGH

Overly broad CORS configuration

CVE-2021-45457

ApacheApache Kylin7.5HIGH

Command injection

CVE-2021-45456

ApacheApache KylinEPSS 49%9.8CRITICAL

Mysql JDBC Connector Deserialize RCE

CVE-2021-36774

ApacheApache Kylin6.5MEDIUM

Apache Kylin unsafe class loading

CVE-2021-31522

ApacheApache Kylin9.8CRITICAL

Improper Access Control to Streaming Coordinator & SSRF

CVE-2021-27738

ApacheApache Kylin7.5HIGH

Exposure of Configuration Information in Apache Kylin Products

CVE-2020-13937

ApacheApache Kylin👾🟡EPSS 93%5.3MEDIUM

SQL Injection Vulnerability in Apache Kylin Affects Multiple Versions

CVE-2020-13926

ApacheApache Kylin9.8CRITICAL

Remote Command Execution in Apache Kylin Due to Input Validation Flaw

CVE-2020-13925

ApacheApache Kylin👾🟡EPSS 84%9.8CRITICAL

SQL Injection Vulnerability in Apache Kylin Affected by User Input

CVE-2020-1937

ApacheApache Kylin👾🟡EPSS 10%8.8HIGH

Apache Kylin Vulnerabilities

Vulnerability Published:

Sort By:

2 October 2025

Server-Side Request Forgery Vulnerability in Apache Kylin by Apache

Authentication Bypass Vulnerability in Apache Kylin Affects Users

Files Accessible to External Parties in Apache Kylin by Apache

27 March 2025

Code Injection Vulnerability in Apache Kylin

Server-Side Request Forgery in Apache Kylin by The Apache Software Foundation

4 November 2024

Session Fixation vulnerability in Apache Kylin

29 January 2024

Apache Kylin: Insufficiently protected credentials in config file

30 December 2022

Apache Kylin: Command injection by Diagnosis Controller

Apache Kylin: Command injection by Useless configuration

13 October 2022

Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters

6 January 2022

Hardcoded credentials

Overly broad CORS configuration

Command injection

Mysql JDBC Connector Deserialize RCE

Apache Kylin unsafe class loading

Improper Access Control to Streaming Coordinator & SSRF

19 October 2020

Exposure of Configuration Information in Apache Kylin Products

14 July 2020

SQL Injection Vulnerability in Apache Kylin Affects Multiple Versions

Remote Command Execution in Apache Kylin Due to Input Validation Flaw

24 February 2020

SQL Injection Vulnerability in Apache Kylin Affected by User Input