Vulnerability in Apache Software Foundation Nifi
CVE-2026-44913
Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowe…
Affected products
- Apache Software Foundation Nifi — versions 1.2.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108