CVE-2026-40564
Modified Modified - Updated After Analysis

SSRF and File Access in Apache Flink Kubernetes Operator

Vulnerability report for CVE-2026-40564, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-26

Last updated on: 2026-06-02

Assigner: Apache Software Foundation

Description

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.Β Β This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addressesΒ there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0. Users are recommended to upgrade to version 1.15.0, which fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-26
Last Modified
2026-06-02
Generated
2026-07-06
AI Q&A
2026-05-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache flink_kubernetes_operator From 1.3.0 (inc) to 1.15.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The CVE-2026-40564 vulnerability allows unauthorized access to files on the operator pod's filesystem and internal or link-local network resources via Server-Side Request Forgery (SSRF). This unauthorized access could lead to exposure of sensitive or confidential data.

Such exposure of sensitive data may impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information from unauthorized access.

Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to potential data breaches or unauthorized data disclosure.

Executive Summary

This vulnerability exists in the Apache Flink Kubernetes Operator where the FlinkSessionJob jarURI is not properly validated. This allows a user with create permissions to read files from the operator pod's filesystem and access content from any backing store reachable through Flink's pluggable filesystem layer by submitting a Flink job.

Additionally, when fetching from http/https addresses, there is no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses, which can lead to Server-Side Request Forgery (SSRF).

Impact Analysis

This vulnerability can allow an attacker with create permissions to read sensitive files from the operator pod's filesystem and access data from internal or external backing stores through Flink jobs.

It also enables Server-Side Request Forgery (SSRF), allowing attackers to make requests to internal or link-local network addresses that are normally inaccessible, potentially exposing internal services or data.

Mitigation Strategies

Users are recommended to upgrade to Apache Flink Kubernetes Operator version 1.15.0, which fixes the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40564. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart