All 4 CVE vulnerabilities found in kestra, with AI-generated Chinese analysis, references, and POCs.
Vendor: kestra-io
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34612 | Kestra: Remote Code Execution via SQL Injection CWE-89 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-33664 | Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields CWE-79 | 7.3 | High | 2026-03-26 |
| CVE-2026-29082 | Kestra: Stored Cross-Site Scripting in Markdown File Preview CWE-79 | 7.3 | High | 2026-03-06 |
| CVE-2025-53543 | Kestra allows Stored XSS before 0.22 CWE-79 | 4.2 | Medium | 2025-07-07 |
All 4 known CVE vulnerabilities affecting kestra with full Chinese analysis, references, and POCs where available.