PT-2026-41310 · Apache · Apache Flink
CVE-2026-35194
·
Published
2026-05-15
·
Updated
2026-05-20
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Flink versions 1.15.0 through 1.20.x
Apache Flink versions 2.0.0 through 2.x
Description
Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using maliciously crafted SQL queries. The issue occurs because user-controlled strings are interpolated into generated Java code without proper escaping, enabling attackers to break out of string literals and inject arbitrary expressions. This affects JSON functions and LIKE expressions with ESCAPE clauses.
Recommendations
Upgrade versions 1.15.0 through 1.20.x to 1.20.4.
Upgrade versions 2.0.0 through 2.x to 2.0.2, 2.1.2, or 2.2.1.
Exploit
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Flink