Apache Flink
Moderate fix2 remedies
cpe:2.3:a:apache:flink:*:*:*:*:*:*:*
Moderate fix2 remedies
- 1.11.0
- 1.11.1
- 1.11.2
Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Apache Flink Directory Traversal Vulnerability Allowing Arbitrary File Read via REST API
Vulnerability
Exploited
Patched
A directory traversal vulnerability has been identified in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2. This vulnerability allows attackers to read any file on the local filesystem of the JobManager through the REST interface, accessing files that are accessible by the JobManager process.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the JobManager's local filesystem.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the JobManager's REST interface that includes a directory traversal payload. The request can obfuscate the traversal characters to bypass simple filtering, effectively allowing access to arbitrary files.
Remediation
Users are advised to upgrade to Apache Flink versions 1.11.3 or 1.12.0.
Added: Mar 16, 2026, 8:46 PM
Updated: Mar 16, 2026, 8:46 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
0.6exploitability
9.4remediation
7.7relevance
0.0threat
9.9urgency
2.9incentive
8.3Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.