Back to overview

CVE-2026-41041

Description
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue.

Metadata

CVE ID
CVE-2026-41041
State
PUBLISHED
Assigner
apache
Reserved
2026-04-16 08:43 UTC
Published
2026-07-13 09:08 UTC
Last updated
2026-07-13 11:06 UTC
Primary CWE
CWE-177
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
Vendor / Product
Apache Software Foundation / Apache Gravitino
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Apache Software Foundation Apache Gravitino 1.0.0 < 1.2.1
Weakness (CWE)
CWESourceDescription
CWE-177 cna CWE-177 Improper Handling of URL Encoding (Hex Encoding)
Back to overview