Apache Kylin — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Apache Kylin, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2025-61735	Apache Kylin: Server-Side Request Forgery CWE-918	9.1^AI	Critical^AI	2025-10-02
CVE-2025-61733	Apache Kylin: Authentication bypass CWE-288	9.8^AI	Critical^AI	2025-10-02
CVE-2025-61734	Apache Kylin: improper restriction of file read CWE-552	9.1^AI	Critical^AI	2025-10-02
CVE-2025-30067	Apache Kylin: The remote code execution via jdbc url CWE-94	9.8^AI	Critical^AI	2025-03-27
CVE-2024-48944	Apache Kylin: SSRF vulnerability in the diagnosis api CWE-918	4.4^AI	Medium^AI	2025-03-27
CVE-2024-23590	Apache Kylin: Session fixation in web interface CWE-384	9.8^AI	Critical^AI	2024-11-04
CVE-2023-29055	Apache Kylin: Insufficiently protected credentials in config file CWE-522	9.8	-	2024-01-29
CVE-2022-44621	Apache Kylin: Command injection by Diagnosis Controller	9.8	-	2022-12-30
CVE-2022-43396	Apache Kylin: Command injection by Useless configuration	8.8	-	2022-12-30
CVE-2022-24697	Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters	9.8	-	2022-10-13
CVE-2021-45458	Hardcoded credentials CWE-798	7.5	-	2022-01-06
CVE-2021-45457	Overly broad CORS configuration	7.5	-	2022-01-06
CVE-2021-45456	Command injection	9.8	-	2022-01-06
CVE-2021-36774	Mysql JDBC Connector Deserialize RCE	6.5	-	2022-01-06
CVE-2021-31522	Apache Kylin unsafe class loading	9.8	-	2022-01-06
CVE-2021-27738	Improper Access Control to Streaming Coordinator & SSRF CWE-918	7.5	-	2022-01-06
CVE-2020-13937	Apache Kylin 安全漏洞	5.3	-	2020-10-19
CVE-2020-13926	Apache Kylin SQL注入漏洞	9.8	-	2020-07-14
CVE-2020-13925	Apache Kylin 安全漏洞	9.8	-	2020-07-14
CVE-2020-1937	Apache Kylin SQL注入漏洞	9.8	-	2020-02-24

All 20 known CVE vulnerabilities affecting Apache Kylin with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Apache Kylin — Vulnerabilities & Security Advisories 20