THREATOPS
THREAT OPSThreat News › CVE-2026-62390: Apache Kylin: SQL Injection Vulnerability in Catalog Cache Refresh API

CVE-2026-62390: Apache Kylin: SQL Injection Vulnerability in Catalog Cache Refresh API

medoss_secPublished 2026-07-14

<p>Posted by Li Yang on Jul 13</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache Kylin 4 through 5.0.3<br /> <br /> Description:<br /> <br /> Improper Neutralization of Special Elements used in an SQL Command (&apos;SQL Injection&apos;) vulnerability in Apache Kylin. A <br /> backend API refreshing table catalog may cause the injection to the generated SQL.<br /> <br />

Indicators of compromise

Original source: https://seclists.org/oss-sec/2026/q3/134