VDB
GCVE-110-CONFSA-2026-0020
GCVE-110-CONFSA-2026-0020
Advisory Published
Impacted versions: Confluent Platform Confluent Cloud ksqlDB managed clusters Recommended action: Confluent Cloud customers do not need to take any action. Confluent has patched all impacted ksqlDB managed clusters. Confluent Platform customers should upgrade to the latest patched release versions. Issue: Multiple remote code execution (RCE) vulnerabilities have been identified in ksqlDB's runtime code generation layer. ksqlDB uses an embedded Java compiler (Janino) to compile and execute SQL expressions at runtime. Due to insufficient sanitization of user-supplied SQL identifiers when embedded into generated Java code, an authenticated user can craft SQL queries that inject arbitrary Java code into the compilation pipeline. The injected code is then executed on the ksqlDB server during query evaluation. Authenticated users with privileges to execute ksqlDB queries can inject arbitrary code through embedded SQL identifiers, including STRUCT field names, lambda expressions, CAST expressions, and schema-derived field names. Successful exploitation results in arbitrary code execution on the ksqlDB cluster. Remediation: Confluent Platform This issue is resolved in the following versions of Confluent Platform: 8.2.1, 8.1.3, 8.0.5, 7.9.7, 7.8.8, 7.7.9, 7.6.11, 7.5.14, 7.4.15. Confluent Cloud Confluent Cloud managed clusters have already been patched and no further action is necessary. CVSS Scores : Confluent Cloud : CVSS: 9.1 ( CVSS v3.1 Calculator ) Confluent Platform : CVSS: 8.4 ( CVSS v3.1 Calculator )
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.