URL Path Injection Vulnerability in Apache Gravitino
CVE-2026-41041

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
13 July 2026

What is CVE-2026-41041?

A vulnerability in Apache Gravitino allows for URL path injection via unencoded user-supplied identifiers. This security issue has the potential to affect the integrity of web applications utilizing the affected versions. Users are strongly advised to upgrade to version 1.2.1 to mitigate this risk and ensure their systems are secure against potential exploitation of this vulnerability.

Affected Version(s)

Apache Gravitino 1.0.0 < 1.2.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Cosentino (ancosen@gmail.com)
.