CVE-2026-29082

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.1.10

Description Kestra is an event-driven orchestration platform. Versions 1.1.10 and earlier render user-supplied Markdown (.md) files with markdown-it configured to interpret Markdown as HTML and then inject the resulting HTML using Vue’s v-html directive without sanitization. This can lead to potential issues with the display of user-provided content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.