CVE-2026-35194 Overview
CVE-2026-35194 is a code injection vulnerability in Apache Flink's SQL code generation engine. It affects Apache Flink 1.15.0 through 1.20.3, 2.0.0 through 2.0.1, 2.1.0 through 2.1.1, and 2.2.0. Authenticated users with query submission privileges can execute arbitrary code on Flink TaskManagers by submitting maliciously crafted SQL queries. The vulnerability exists because user-controlled string literals are interpolated into generated Java source without proper escaping. Affected code paths include the JSON functions introduced in 1.15.0 and LIKE expressions with an ESCAPE clause, introduced in 1.17.0. The issue is classified as [CWE-94] Improper Control of Generation of Code.
Critical Impact
Authenticated attackers can break out of a Java string literal during SQL-to-Java code generation and execute arbitrary code on TaskManager nodes, compromising the confidentiality and integrity of the Flink cluster and of any data, credentials, and network resources the TaskManager process can reach.
Affected Products
- Apache Flink 1.15.0 through 1.20.3
- Apache Flink 2.0.0 through 2.0.1
- Apache Flink 2.1.0 through 2.1.1
- Apache Flink 2.2.0
Discovery Timeline
- 2026-05-15 - CVE-2026-35194 published to NVD
- 2026-05-15 - Apache Security Mailing List advisory posted
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2026-35194
Vulnerability Analysis
Apache Flink compiles SQL queries into Java code at runtime and executes the compiled operators on TaskManagers. The code generator embeds literal values supplied by the query author directly into the Java source. When a literal contains a Java string delimiter or a backslash, the generated source changes shape before it is compiled, so an authenticated user submitting a crafted query can inject arbitrary Java statements into the compiled operator. Execution occurs in the TaskManager JVM, where Flink workloads run with access to checkpoint storage, connector credentials, and cluster network resources. The vulnerability is reachable over the network with low attack complexity once query submission rights are granted.
Root Cause
The root cause is unsafe string interpolation in Flink's runtime code generator. Functions that accept string arguments, including the JSON manipulation functions and LIKE expressions with an ESCAPE clause, pass raw user input into the templated Java source without escaping quote characters or backslashes. A double quote in the input terminates the generated literal early, and a lone backslash swallows the generated closing quote, so either character changes what the compiler sees. Java compilation then treats the injected content as syntactically valid code rather than data, satisfying the conditions for [CWE-94] code injection.
Attack Vector
An attacker authenticated to the Flink SQL Gateway, SQL Client, or any application that forwards user-supplied SQL to a Flink session submits a query containing a crafted JSON function argument or a LIKE ... ESCAPE expression. The malicious literal closes the generated Java string and appends arbitrary statements. When the operator is compiled and deployed to the TaskManager, those statements execute with the privileges of the Flink worker process. The vulnerability does not require local access or user interaction beyond submitting the query.
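The breakout described in the Root Cause and Attack Vector sections, as an added illustration that is not Flink's code: a toy SQL-to-Java generator in the vulnerable shape (raw interpolation) beside the fixed shape (escape before interpolating), plus a small checker that counts how many Java statements the generated line actually contains and whether its string literal was closed. The payload is a benign println stand-in, not a working Flink exploit, and every function name here is this example's own.

```python
# Toy model of a SQL-to-Java code generator (added example, not Flink's code).
# It shows the CWE-94 pattern: a SQL string literal pasted into Java source.

_JAVA_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def gen_java_unsafe(sql_literal: str) -> str:
    """Vulnerable pattern: the SQL literal is pasted raw between Java quotes."""
    return f'String pattern = "{sql_literal}";'


def escape_java_literal(s: str) -> str:
    """Encode s so it is a single, self-contained Java "..." literal body."""
    out = []
    for ch in s:
        if ch in _JAVA_ESCAPES:
            out.append(_JAVA_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\u%04x" % ord(ch))  # control chars as \uXXXX
        else:
            out.append(ch)
    return "".join(out)


def gen_java_safe(sql_literal: str) -> str:
    """Fixed pattern: escape the literal before interpolating it."""
    return f'String pattern = "{escape_java_literal(sql_literal)}";'


def decode_java_literal(body: str) -> str:
    """Inverse of escape_java_literal, used to check the round trip."""
    simple = {"\\": "\\", '"': '"', "n": "\n", "r": "\r", "t": "\t"}
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out.append(ch)
            i += 1
        elif body[i + 1] == "u":
            out.append(chr(int(body[i + 2:i + 6], 16)))
            i += 6
        else:
            out.append(simple[body[i + 1]])
            i += 2
    return "".join(out)


def java_statements(src: str) -> tuple:
    """Return (number of ';' outside string literals, all literals closed).

    Correctly generated code for one literal must yield (1, True): a quote in
    the input produces extra statements, a lone backslash leaves the literal
    unterminated.
    """
    count, in_str, i = 0, False, 0
    while i < len(src):
        ch = src[i]
        if in_str:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == ";":
            count += 1
        i += 1
    return count, not in_str


# Benign stand-in payload: closes the literal, appends a statement, reopens it.
PAYLOAD = 'x"; System.out.println("injected"); String tail = "'

if __name__ == "__main__":
    for gen in (gen_java_unsafe, gen_java_safe):
        src = gen(PAYLOAD)
        print(gen.__name__, java_statements(src), src)
```

The unsafe generator turns the payload into three Java statements; the safe one yields exactly one statement whose decoded body round-trips to the original SQL literal, which is the property a fix for this class of bug has to guarantee for every input, including control characters and a trailing backslash.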
No verified public proof-of-concept is available. Refer to the Apache Security Mailing List Post and the OpenWall OSS Security Bulletin for vendor technical details.
Detection Methods for CVE-2026-35194
Indicators of Compromise
- Unexpected child processes spawned by Flink TaskManager JVMs, such as shells, package managers, or network utilities.
- Outbound network connections from TaskManager hosts to addresses outside the documented data plane.
- New or modified files in Flink working directories, checkpoint paths, or /tmp that do not correspond to scheduled jobs.
- Submitted SQL jobs containing unusual escape sequences, embedded quotation marks, or unexpected backslashes inside JSON function arguments or LIKE ... ESCAPE clauses.
Detection Strategies
- Inspect Flink JobManager and SQL Gateway logs for query text in which JSON function arguments or LIKE ... ESCAPE literals contain double quotes, backslashes, or control characters.
- Correlate query submission events with process creation telemetry on TaskManager hosts to identify post-compilation command execution.
- Audit Flink user accounts and query submission privileges to identify which identities can reach the vulnerable code paths.
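One way to run the log-inspection strategy above over submitted SQL, as an added example that is not a Flink component: tokenize each query's single-quoted literals (unfolding the doubled-quote escape), classify whether a literal sits inside a JSON_* call or directly after ESCAPE, and flag the ones carrying double quotes, backslashes, or control characters. The submission lines and their "<timestamp> <user> <sql>" layout are constructed for this example and are not Flink's audit log format.

```python
import re

# Constructed sample submissions (not real Flink logs); format is an assumption.
SUBMISSIONS = [
    "2026-05-16T10:02:11Z alice SELECT JSON_VALUE(payload, '$.id') FROM events",
    "2026-05-16T10:03:40Z bob SELECT name FROM users WHERE name LIKE 'a!%' ESCAPE '!'",
    "2026-05-16T10:04:05Z carol SELECT 'it''s fine', JSON_QUERY(doc, '$.a') FROM t",
    "2026-05-16T10:05:59Z mallory SELECT JSON_VALUE(p, '$.x\"; System.out.println(\"hi\"); String t = \"') FROM e",
    "2026-05-16T10:06:12Z dave SELECT name FROM users WHERE name LIKE 'x\\%' ESCAPE '\\'",
]

JSON_CALL = re.compile(r"JSON_[A-Z_]+\s*\(", re.IGNORECASE)
ESCAPE_KW = re.compile(r"ESCAPE\s*$", re.IGNORECASE)


def sql_literals(sql):
    """Yield (start_index, unescaped_text) for each single-quoted literal."""
    i = 0
    while i < len(sql):
        if sql[i] != "'":
            i += 1
            continue
        start, j, buf = i, i + 1, []
        while j < len(sql):
            if sql[j] == "'" and j + 1 < len(sql) and sql[j + 1] == "'":
                buf.append("'")  # '' is an escaped quote inside a literal
                j += 2
            elif sql[j] == "'":
                break
            else:
                buf.append(sql[j])
                j += 1
        yield start, "".join(buf)
        i = j + 1


def literal_context(sql, start):
    """'like-escape' if the literal follows ESCAPE, 'json-function' if it is
    inside an unclosed JSON_*( call, else None."""
    before = sql[:start]
    if ESCAPE_KW.search(before):
        return "like-escape"
    last = None
    for m in JSON_CALL.finditer(before):
        last = m
    if last is not None:
        paren = last.end() - 1  # position of the call's '('
        if before.count("(", paren) > before.count(")", paren):
            return "json-function"
    return None


def suspicious(text):
    """Characters that can alter generated Java source if left unescaped."""
    reasons = []
    if '"' in text:
        reasons.append("double quote")
    if "\\" in text:
        reasons.append("backslash")
    if any(ord(c) < 0x20 for c in text):
        reasons.append("control char")
    return reasons


def scan_submissions(lines):
    findings = []
    for line in lines:
        ts, user, sql = line.split(" ", 2)
        for start, text in sql_literals(sql):
            ctx = literal_context(sql, start)
            reasons = suspicious(text)
            if ctx and reasons:
                findings.append({"ts": ts, "user": user, "context": ctx,
                                 "literal": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_submissions(SUBMISSIONS):
        print(f)
```

Two of the five sample lines are flagged: the JSON_VALUE argument containing a double quote, and the ESCAPE '\' literal. The second is a common, legitimate idiom, so treat backslash-only hits as lower severity and correlate them with TaskManager process telemetry rather than alerting on them alone.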
Monitoring Recommendations
- Enable Flink audit logging and forward SQL submissions to a centralized log platform for retention and review.
- Monitor TaskManager hosts for anomalous outbound traffic, new listening ports, and modifications to the Flink installation directory.
- Alert on Java process spawning interactive shells or executing scripting interpreters, which is uncommon for healthy Flink workloads.
How to Mitigate CVE-2026-35194
Immediate Actions Required
- Upgrade Apache Flink to a fixed release: 1.20.4, 2.0.2, 2.1.2, or 2.2.1.
- Restrict SQL query submission privileges to trusted operators until the upgrade is complete.
- Place the SQL Gateway and JobManager endpoints behind authenticated network controls and remove any public exposure.
- Review historical query logs for evidence of exploitation prior to patching.
Patch Information
The Apache Flink project has released fixed versions 1.20.4, 2.0.2, 2.1.2, and 2.2.1. Each release escapes user-controlled string literals before they are interpolated into generated Java code, closing both the JSON function and LIKE ... ESCAPE injection paths. See the Apache Security Mailing List Post for the official notice.
Workarounds
- Block submission of queries that use JSON SQL functions or LIKE expressions with an ESCAPE clause (for example by validating SQL at the gateway or application layer) in environments that cannot be patched immediately.
- Limit Flink session and SQL Gateway access to a small set of trusted operator identities via authentication and network policy.
- Run TaskManagers under least-privilege service accounts and apply container or OS sandboxing to limit the impact of code execution.
# Print the running Flink version and compare it with the affected ranges listed above
flink --version
# Example: download a fixed release (1.20.4 shown; use 2.0.2, 2.1.2, or 2.2.1 for the 2.x branches)
wget https://archive.apache.org/dist/flink/flink-1.20.4/flink-1.20.4-bin-scala_2.12.tgz
# Verify the archive against the checksum and signature published alongside it on the Apache dist site before installing
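A triage helper for the version check above, added here as an example rather than an Apache tool: it parses a version string (or a `flink --version` line, whose "Version: x.y.z, ..." layout is an assumption), tests it against the affected ranges in this advisory, reports which injection paths apply to that release, and names the fixed release to move to.

```python
import re

# Affected ranges and fixed releases as listed in this advisory.
AFFECTED = [
    ((1, 15, 0), (1, 20, 3)),
    ((2, 0, 0), (2, 0, 1)),
    ((2, 1, 0), (2, 1, 1)),
    ((2, 2, 0), (2, 2, 0)),
]
FIXED = [(1, 20, 4), (2, 0, 2), (2, 1, 2), (2, 2, 1)]


def parse_version(text):
    """Extract the first x.y.z triple, e.g. from 'Version: 1.20.3, Commit ID: ...'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % text)
    return tuple(int(x) for x in m.groups())


def fixed_release_for(v):
    """1.x branches all move to 1.20.4; 2.x branches to the same-minor fix."""
    if v[0] == 1:
        return (1, 20, 4)
    for f in FIXED:
        if f[:2] == v[:2]:
            return f
    return None


def assess(version_text):
    v = parse_version(version_text)
    affected = any(lo <= v <= hi for lo, hi in AFFECTED)
    paths = []
    if affected:
        paths.append("JSON functions")          # introduced in 1.15.0
        if v >= (1, 17, 0):
            paths.append("LIKE ... ESCAPE")     # introduced in 1.17.0
    return {
        "version": v,
        "affected": affected,
        "paths": paths,
        "upgrade_to": fixed_release_for(v) if affected else None,
    }


if __name__ == "__main__":
    for line in ("Version: 1.16.2, Commit ID: abc1234", "1.20.3", "1.20.4", "2.2.0"):
        print(line, "->", assess(line))
```

Note the 1.16 case: it predates the LIKE ... ESCAPE code path but is still affected through the JSON functions, and there is no 1.16 patch release, so the only fixed target for any 1.x cluster is 1.20.4.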
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

