CVE-2026-25903 | Apache NiFi up to 2.7.2 Component Update authorization

A vulnerability classified as critical was found in Apache NiFi up to 2.7.2. The affected element is an unknown function of the component Component Update Handler. Such manipulation leads to missing authorization.

This vulnerability is referenced as CVE-2026-25903. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More