What is CVE-2026-55069?

CVE-2026-55069 is a high-severity vulnerability in Kestra-io Kestra, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.7/10. Published 2026-06-26.

How severe is CVE-2026-55069?

High severity. CVSS v3 base score is 8.7 out of 10.

Vulnerability in Kestra-io Kestra

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the…

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Kestra-io Kestra — versions < 1.3.24

Weakness classification (CWE)

CWE-916 — Use of Password Hash With Insufficient Computational Effort

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-55069?: CVE-2026-55069 is a high-severity vulnerability in Kestra-io Kestra, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.7/10. Published 2026-06-26.
How severe is CVE-2026-55069?: High severity. CVSS v3 base score is 8.7 out of 10.