THREATOPS
THREAT OPSThreat News › CVE-2026-49876: Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

CVE-2026-49876: Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

medoss_secPublished 2026-07-13

<p>Posted by Yu Qi on Jul 12</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache Gravitino (org.apache.gravitino:gravitino-core) 1.0.0 through 1.2.1<br /> <br /> Description:<br /> <br /> Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata <br /> endpoints via unvalidated job template URIs. A vulnerability in A

Indicators of compromise

Original source: https://seclists.org/oss-sec/2026/q3/123