SQL Injection Vulnerability in Apache Kylin Affects Multiple Versions
CVE-2026-62390

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 July 2026

What is CVE-2026-62390?

A vulnerability exists in Apache Kylin that allows for improper neutralization of special elements used in SQL commands, resulting in an SQL injection risk. This flaw is particularly concerning when the backend API refreshes the table catalog, as it may inadvertently lead to injection into the generated SQL commands. Users are urged to upgrade to Apache Kylin version 5.0.4 or later to secure their systems against this vulnerability. For more details, refer to the vendor advisory.

Affected Version(s)

Apache Kylin 4 <= 5.0.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

罗鑫 <lx2317103712@gmail.com>
.