Browse all 4 CVE security advisories affecting kestra-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34612 | Kestra: Remote Code Execution via SQL Injection — kestraCWE-89 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-33664 | Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields — kestraCWE-79 | 7.3 | High | 2026-03-26 |
| CVE-2026-29082 | Kestra: Stored Cross-Site Scripting in Markdown File Preview — kestraCWE-79 | 7.3 | High | 2026-03-06 |
| CVE-2025-53543 | Kestra allows Stored XSS before 0.22 — kestraCWE-79 | 4.2 | Medium | 2025-07-07 |
This page lists every published CVE security advisory associated with kestra-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.