THREAT OPS › Threat News › CVE-2026-62390: Apache Kylin: SQL Injection Vulnerability in Catalog Cache Refresh API
CVE-2026-62390: Apache Kylin: SQL Injection Vulnerability in Catalog Cache Refresh API
<p>Posted by Li Yang on Jul 13</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache Kylin 4 through 5.0.3<br /> <br /> Description:<br /> <br /> Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Kylin. A <br /> backend API refreshing table catalog may cause the injection to the generated SQL.<br /> <br />
Indicators of compromise
- CVE-2026-62390cve
Original source: https://seclists.org/oss-sec/2026/q3/134