Kestra-io Kestra
4 CVEs affecting Kestra-io Kestra. Latest disclosed: 2026-04-03. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34612 | Critical | 10.0 | 2026-04-03 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vuln… |
| CVE-2026-33664 | High | 7.3 | 2026-03-26 | Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description… |
| CVE-2026-29082 | High | 7.3 | 2026-03-06 | Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with… |
| CVE-2025-53543 | Medium | 4.2 | 2025-07-07 | Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP re… |