CVE-2026-49869 | kestra-io kestra up to 1.0.44/1.3.20 Public Configuration Endpoint request.getPath OS command injection (GHSA-5vc5-wxxq-3fjx)
A vulnerability was found in kestra-io kestra up to 1.0.44/1.3.20. It has been rated as critical. The affected function is request.getPath in the Public Configuration Endpoint component. Manipulating it leads to OS command injection.
This vulnerability is listed as CVE-2026-49869. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.