Apache Kyuubi Server Unauthorized File Access Vulnerability

Vulnerability

A vulnerability in Apache Kyuubi Server versions 1.6.0 through 1.10.2 allows clients to bypass the server-side configuration that restricts access to local files. Because the server does not properly normalize the requested path before checking it against the allowed directory configuration, a client can use the Kyuubi frontend protocols to reach files outside the directories that the configuration permits.
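The following is an added illustration of the check class this advisory describes; it is not Kyuubi's own code and the allowed-directory paths are constructed. It places a prefix comparison that skips normalization beside a hardened form that resolves the path lexically and compares whole path components before consulting the allowlist.

```python
import os
from typing import Iterable

# Constructed allowlist standing in for a server-side "allowed directories" setting.
ALLOWED_DIRS = ["/srv/kyuubi/uploads", "/srv/kyuubi/shared"]


def naive_is_allowed(requested: str, allowed_dirs: Iterable[str] = ALLOWED_DIRS) -> bool:
    """Weak check: raw string prefix comparison with no normalization.

    A request that starts with an allowed prefix but contains '..' components
    passes this check even though the operating system would open a file
    outside the allowed directory.
    """
    return any(requested.startswith(d) for d in allowed_dirs)


def hardened_is_allowed(requested: str, allowed_dirs: Iterable[str] = ALLOWED_DIRS) -> bool:
    """Normalize first, then compare path components rather than raw strings.

    os.path.abspath() collapses '.', '..' and repeated separators lexically
    (no filesystem access), so the comparison is made against the path that
    would actually be opened. os.path.commonpath() compares whole components,
    so '/srv/kyuubi/uploads_old' is not mistaken for a child of
    '/srv/kyuubi/uploads'. A deployed check should additionally resolve
    symlinks with os.path.realpath() once the file is known to exist.
    """
    target = os.path.abspath(requested)
    for d in allowed_dirs:
        base = os.path.abspath(d)
        try:
            if os.path.commonpath([base, target]) == base:
                return True
        except ValueError:
            # Raised when the two paths cannot share a root (e.g. different
            # drives on Windows); treat that as outside the allowlist.
            continue
    return False


if __name__ == "__main__":
    for req in ["/srv/kyuubi/uploads/report.csv",
                "/srv/kyuubi/uploads/../../../etc/passwd",
                "/srv/kyuubi/uploads_old/report.csv"]:
        print(f"{req}: naive={naive_is_allowed(req)} hardened={hardened_is_allowed(req)}")
```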

Impact

Exploitation of this vulnerability could lead to unauthorized access to local files on the server, potentially allowing for the disclosure of sensitive information or manipulation of files in a way that could affect the application's behavior.

Remediation

Users are advised to upgrade to Apache Kyuubi version 1.10.3 or later, which addresses this vulnerability.

Added: Jan 5, 2026, 9:18 AM
Updated: Jan 5, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.