SQL Injection Vulnerability in Apache Kylin Affects Multiple Versions
CVE-2026-62390
Currently unrated
What is CVE-2026-62390?
A vulnerability exists in Apache Kylin that allows for improper neutralization of special elements used in SQL commands, resulting in an SQL injection risk. This flaw is particularly concerning when the backend API refreshes the table catalog, as it may inadvertently lead to injection into the generated SQL commands. Users are urged to upgrade to Apache Kylin version 5.0.4 or later to secure their systems against this vulnerability. For more details, refer to the vendor advisory.
Affected Version(s)
Apache Kylin 4 <= 5.0.3