Apache Flink security advisories

Security information for Apache Flink

Reporting

Do you want disclose a potential security issue for Apache Flink? You can read more about the projects’ security policy on their security page, and email your report to the Apache Security Team.

Advisories

This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the project security page. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public mailinglist or privately on security@apache.org

Server-Side Request Forgery and local file access in Kubernetes Operator

CVE-2026-40564 [CVE] [CVE json]

Last updated: 2026-05-26T14:43:13.154Z

Affected

  • Apache Flink Kubernetes Operator from 1.3.0 before 1.15.0

Description

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.

The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.

This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0.

Users are recommended to upgrade to version 1.15.0, which fixes the issue.

References

Credits

  • Andrea Cosentino (finder)
  • Andrea Cosentino (remediation developer)

Remote code execution via SQL injection in code generation

CVE-2026-35194 [CVE] [CVE json] [OSV json]

Last updated: 2026-05-15T15:27:25.824Z

Affected

  • Apache Flink from 1.15.0 before 1.20.4,2.0.2,2.1.2,2.2.1

Description

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions (1.15.0+) and LIKE expressions with ESCAPE clauses (1.17.0+). User-controlled strings are interpolated into generated Java code without proper escaping, allowing attackers to break out of string literals and inject arbitrary expressions.
Users are recommended to upgrade to either version 1.20.4, 2.0.2, 2.1.2 or 2.2.1, which fixes this issue.

References

Credits

  • Yaswant Katakam, Confluent InfoSec (finder)

SQL injection via maliciously crafted identifiers

CVE-2025-62228 [CVE] [CVE json] [OSV json]

Last updated: 2025-10-09T13:15:41.457Z

Affected

  • Apache Flink CDC from 3.0.0 through 3.4.0
  • Apache Flink CDC from 3.0.0 through 3.4.0
  • Apache Flink CDC from 3.0.0 through 3.4.0
  • Apache Flink CDC from 3.0.0 through 3.4.0
  • Apache Flink CDC from 3.3.0 through 3.4.0

Description

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.

References

Credits

  • intSheep (reporter)
  • Mapta/BugBunny_ai (reporter)

Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

CVE-2023-41834 [CVE] [CVE json] [OSV json]

Last updated: 2023-09-19T12:34:13.497Z

Affected

  • Apache Flink Stateful Functions from 3.1.0 through 3.2.0

Description

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user’s browser.

Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

References

Credits

  • Andrea Cosentino (finder)

Apache Flink directory traversal attack: reading remote files through the REST API

CVE-2020-17519 [CVE] [CVE json] [OSV json]

Last updated: 2021-01-05T11:32:48.294Z

Affected

  • Apache Flink at 1.11.0 to 1.11.2

Description

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

References

Credits

  • 0rich1 of Ant Security FG Lab

Apache Flink directory traversal attack: remote file writing through the REST API

CVE-2020-17518 [CVE] [CVE json] [OSV json]

Last updated: 2021-01-05T11:32:09.849Z

Affected

  • Apache Flink at 1.5.1 to 1.11.2

Description

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

References

Credits

  • 0rich1 of Ant Security FG Lab