PT-2026-57679 · Apache · Apache Gravitino

Andrea Cosentino

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-41041

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.
This issue affects Apache Gravitino: from 1.0.0 before 1.2.1.
Users are recommended to upgrade to version 1.2.1, which fixes the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41041

Affected Products

Apache Gravitino