THREAT OPS › Threat News › CVE-2026-49876: Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs
CVE-2026-49876: Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs
<p>Posted by Yu Qi on Jul 12</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache Gravitino (org.apache.gravitino:gravitino-core) 1.0.0 through 1.2.1<br /> <br /> Description:<br /> <br /> Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata <br /> endpoints via unvalidated job template URIs. A vulnerability in A
Indicators of compromise
- CVE-2026-49876cve
Original source: https://seclists.org/oss-sec/2026/q3/123