THREAT OPS › Threat News › CVE-2026-62392: Apache Kylin: OS Command Injection via Async Query API
CVE-2026-62392: Apache Kylin: OS Command Injection via Async Query API
<p>Posted by Li Yang on Jul 13</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache Kylin 4 through 5.0.3<br /> <br /> Description:<br /> <br /> Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache <br /> Kylin. A backend API may bring job config parameters to OS command line.<br /> <br /> This issue a
Indicators of compromise
- CVE-2026-62392cve
Original source: https://seclists.org/oss-sec/2026/q3/135