OS Command Injection Vulnerability in Apache Kylin by Apache
CVE-2026-62392

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 July 2026

What is CVE-2026-62392?

An OS Command Injection vulnerability exists in Apache Kylin that allows improper neutralization of special elements used in OS commands. This exploitation may occur via a backend API which unwittingly passes job configuration parameters directly to the operating system command line. Users running affected versions of Apache Kylin are strongly advised to upgrade to version 5.0.4 or later to mitigate this vulnerability.

Affected Version(s)

Apache Kylin 4 <= 5.0.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Suraj Kattimuttathu Suresh <sksuraj@ucsb.edu>
.