9.8

CVE-2026-38428: Kestra v1.3.3 and before allows hackers to manipulate database queries

CVE-2026-38428
Summary

Kestra versions 1.3.3 and earlier are at risk because hackers can inject malicious code into database queries. This can lead to unauthorized access to sensitive information. To stay safe, update to the latest version of Kestra.

Original title
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper saniti...
Original description
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the database query.
Vulnerability type
CWE-89 SQL Injection
Published: 5 May 2026 · Updated: 28 May 2026 · First seen: 5 May 2026
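
The flaw class in the description, as an added example (not Kestra's code and not taken from the advisory): a GET parameter concatenated into the SQL text, beside the parameterized form. The `flows` table, the `namespace` and `sort` parameter names and the sample rows are constructed assumptions; the sort-column allow-list goes beyond the advisory to cover identifiers, which bound parameters cannot carry.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed schema and rows; not Kestra's schema or API.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE flows (id TEXT, namespace TEXT)")
    db.executemany("INSERT INTO flows VALUES (?, ?)",
                   [("f1", "team.a"), ("f2", "team.a"), ("f3", "team.b")])
    return db

# Identifiers cannot be bound as parameters, so they are mapped through a fixed list.
SORTABLE = {"id": "id", "namespace": "namespace"}

def list_flows_concatenated(db, query_string):
    """Flawed pattern: the GET value becomes part of the SQL text."""
    ns = parse_qs(query_string).get("namespace", [""])[0]
    sql = "SELECT id FROM flows WHERE namespace = '" + ns + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def list_flows_parameterized(db, query_string):
    """Fixed pattern: constant SQL text, value passed as a bound parameter."""
    params = parse_qs(query_string)
    ns = params.get("namespace", [""])[0]
    sort = SORTABLE.get(params.get("sort", ["id"])[0])
    if sort is None:
        raise ValueError("unsupported sort column")
    sql = f"SELECT id FROM flows WHERE namespace = ? ORDER BY {sort}, id"
    return [row[0] for row in db.execute(sql, (ns,))]

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal value, and one whose quote closes the literal.
    for qs in ("namespace=team.a", "namespace=x%27%20OR%20%271%27%3D%271"):
        print(qs)
        print("  concatenated :", list_flows_concatenated(db, qs))
        print("  parameterized:", list_flows_parameterized(db, qs))
```

With the second input the concatenated query returns rows from every namespace, while the parameterized query compares the whole string as a value and returns nothing.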