ID
VAR-202605-1119
CVE
CVE-2026-35194
TITLE
Apache Software Foundation of Apache Flink Code injection vulnerability in
Trust: 0.8
DESCRIPTION
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions (1.15.0+) and LIKE expressions with ESCAPE clauses (1.17.0+). User-controlled strings are interpolated into generated Java code without proper escaping, allowing attackers to break out of string literals and inject arbitrary expressions. Users are recommended to upgrade to either version 1.20.4, 2.0.2, 2.1.2 or 2.2.1, which fixes this issue. 1.20.4 , 2.0.2 , 2.1.2 or 2.2.1 We recommend that you upgrade to .All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | apache | model: | flink | scope: | eq | version: | 2.2.0 | Trust: 1.8 |
| vendor: | apache | model: | flink | scope: | gte | version: | 2.0.0 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | gte | version: | 2.1.0 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | gte | version: | 1.15.0 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | lt | version: | 1.20.4 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | lt | version: | 2.1.2 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | lt | version: | 2.0.2 | Trust: 1.0 |
| vendor: | apache | model: | flink | scope: | eq | version: | 1.15.0 that's all 1.20.4 | Trust: 0.8 |
| vendor: | apache | model: | flink | scope: | eq | version: | 2.1.0 that's all 2.1.2 | Trust: 0.8 |
| vendor: | apache | model: | flink | scope: | - | version: | - | Trust: 0.8 |
| vendor: | apache | model: | flink | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | apache | model: | flink | scope: | eq | version: | 2.0.0 that's all 2.0.2 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-94 | Trust: 1.0 |
| problemtype: | Code injection (CWE-94) [ others ] | Trust: 0.8 |
PATCH
| title: | Apache Flink | url: | https://lists.apache.org/thread/qh52bw4hhvy7n2owd8b3bt51mz0lvj9x | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2026-35194 | Trust: 2.6 |
| db: | OPENWALL | id: | OSS-SECURITY/2026/05/15/20 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2026-016230 | Trust: 0.8 |
REFERENCES
| url: | http://www.openwall.com/lists/oss-security/2026/05/15/20 | Trust: 1.0 |
| url: | https://lists.apache.org/thread/qh52bw4hhvy7n2owd8b3bt51mz0lvj9x | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2026-35194 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2026-016230 |
| db: | NVD | id: | CVE-2026-35194 |
LAST UPDATE DATE
2026-06-19T23:37:43.103000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2026-016230 | date: | 2026-05-20T04:20:00 |
| db: | NVD | id: | CVE-2026-35194 | date: | 2026-05-18T19:48:05.827 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2026-016230 | date: | 2026-05-20T00:00:00 |
| db: | NVD | id: | CVE-2026-35194 | date: | 2026-05-15T16:16:14.340 |