CVE-2026-40564 Overview
CVE-2026-40564 is a Server-Side Request Forgery (SSRF) and file disclosure vulnerability in the Apache Flink Kubernetes Operator. The flaw resides in the FlinkSessionJob resource, where the jarURI field is not validated before use. An attacker with permission to create custom resources can read files from the operator pod's filesystem, pull content from any backing store reachable through Flink's pluggable filesystem layer, and issue requests to arbitrary HTTP/HTTPS endpoints. The operator applies no URI scheme allowlist, host check, or IP-range restriction, allowing requests to internal and link-local addresses. Versions from 1.3.0 up to but not including 1.15.0 are affected.
Critical Impact
An authenticated user with custom resource create permissions can exfiltrate files from the operator pod and reach internal cluster services via SSRF.
Affected Products
- Apache Flink Kubernetes Operator 1.3.0 through 1.14.x
- Deployments exposing FlinkSessionJob custom resource creation to multi-tenant users
- Clusters where the operator pod has access to sensitive files or internal endpoints
Discovery Timeline
- 2026-05-26 - CVE-2026-40564 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-40564
Vulnerability Analysis
The Apache Flink Kubernetes Operator processes FlinkSessionJob custom resources to launch Flink jobs. Each FlinkSessionJob specifies a jarURI indicating where the operator should fetch the job's JAR artifact. The operator dereferences this URI without enforcing any constraint on its source; the weakness is classified as CWE-552 (Files or Directories Accessible to External Parties).
Because Flink uses a pluggable filesystem layer, the jarURI can reference local paths, mounted volumes, object stores, and other backends configured in the operator. An attacker submits a crafted FlinkSessionJob referencing a sensitive path such as a Kubernetes service account token or operator configuration file. The operator reads the file and delivers its contents to the resulting Flink job, where the attacker controls execution.
The HTTP/HTTPS fetcher amplifies the impact. With no scheme allowlist or destination filtering, the attacker can target the Kubernetes API server, cloud metadata services, link-local addresses, and other internal-only endpoints reachable from the operator pod.
Root Cause
The jarURI input is treated as trusted user data. The operator skips validation of scheme, host, IP range, and filesystem path before resolving the URI through Flink's filesystem abstractions or HTTP client.
Attack Vector
An attacker with create permission on FlinkSessionJob resources submits a custom resource whose jarURI points to a sensitive local path or internal URL. The operator fetches the resource and exposes its contents to the attacker-controlled job runtime. See the Apache Mailing List Discussion and the OpenWall OSS Security Update for additional context.
Detection Methods for CVE-2026-40564
Indicators of Compromise
- FlinkSessionJob custom resources whose jarURI references local paths such as file:///, /var/run/secrets/, or operator configuration directories
- jarURI values pointing to link-local or internal addresses including 169.254.169.254, 127.0.0.1, 10.0.0.0/8, or metadata.google.internal
- Outbound HTTP requests from the Flink Kubernetes Operator pod to cloud metadata endpoints or Kubernetes API server addresses
Detection Strategies
- Audit Kubernetes API server logs for FlinkSessionJob create and update events and inspect the embedded jarURI field
- Inspect operator pod network egress for connections to internal RFC1918 ranges or cloud metadata IPs that fall outside normal artifact repositories
- Review Flink job submission logs for JARs whose source paths reference operator-local filesystem locations
Monitoring Recommendations
- Forward Kubernetes audit logs and operator pod telemetry into a centralized analytics pipeline such as Singularity Data Lake for cross-source correlation using OCSF normalization
- Apply behavioral alerts on the operator pod for unexpected file reads of service account tokens, kubeconfig files, or cloud credentials
- Track all created FlinkSessionJob resources against an approved list of artifact repositories
How to Mitigate CVE-2026-40564
Immediate Actions Required
- Upgrade the Apache Flink Kubernetes Operator to version 1.15.0, which validates jarURI inputs
- Restrict RBAC so that only trusted service accounts can create or modify FlinkSessionJob resources
- Apply Kubernetes NetworkPolicies to limit the operator pod's egress to known artifact repositories
Patch Information
Apache has released Apache Flink Kubernetes Operator 1.15.0, which fixes the jarURI validation gap. Operators on any release between 1.3.0 and 1.14.x must upgrade. Refer to the Apache Mailing List Discussion for the official announcement.
Workarounds
- Enforce admission control policies (OPA Gatekeeper or Kyverno) that reject FlinkSessionJob resources whose jarURI does not match an allowlisted scheme and host
- Remove sensitive files and credentials from the operator pod's filesystem where feasible
- Block egress from the operator pod to link-local, RFC1918, and cloud metadata addresses using NetworkPolicies or service mesh egress rules
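The allowlist logic behind the admission-control workaround above is the same check the Detection Strategies section applies to audit logs, so one added example serves both. This is illustrative code written for this page, not part of the Apache Flink Kubernetes Operator; it assumes the jarURI sits at spec.job.jarURI in the FlinkSessionJob spec, uses a hypothetical repository host artifacts.example.internal, and runs over constructed Kubernetes audit events rather than real cluster data.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Constructed allowlist: the one artifact repository this cluster is expected to use (hypothetical host)
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"artifacts.example.internal"}

def jar_uri_violation(uri):
    """Return why a jarURI should be rejected, or None if it matches the allowlist."""
    parsed = urlparse(uri or "")
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:  # rejects file://, bare local paths, http:// and other backends
        return "scheme %r not allowlisted" % (scheme or "none")
    host = (parsed.hostname or "").lower()  # .hostname strips userinfo and port, so user@host tricks fail
    if host in ALLOWED_HOSTS:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "host %r not allowlisted" % host
    if ip.is_loopback or ip.is_link_local or ip.is_private:
        return "host %s is a loopback, link-local or RFC1918 address" % host
    return "host %s not allowlisted" % host

def flag_audit_events(audit_lines):
    """Scan JSON-lines Kubernetes audit events for FlinkSessionJob writes whose jarURI fails the allowlist."""
    findings = []
    for line in audit_lines:
        ev = json.loads(line)
        if ev.get("objectRef", {}).get("resource") != "flinksessionjobs" or ev.get("verb") not in ("create", "update", "patch"):
            continue
        uri = ev.get("requestObject", {}).get("spec", {}).get("job", {}).get("jarURI")
        # requestObject is only recorded at audit level Request/RequestResponse; nothing to check if absent
        reason = jar_uri_violation(uri) if uri is not None else None
        if reason:
            findings.append((ev.get("user", {}).get("username"), uri, reason))
    return findings

SAMPLE_AUDIT = [  # constructed sample audit events, not data from a real cluster
    json.dumps({"verb": "create", "user": {"username": "ci-bot"}, "objectRef": {"resource": "flinksessionjobs"}, "requestObject": {"spec": {"job": {"jarURI": "https://artifacts.example.internal/jobs/etl-1.2.jar"}}}}),
    json.dumps({"verb": "create", "user": {"username": "tenant-a"}, "objectRef": {"resource": "flinksessionjobs"}, "requestObject": {"spec": {"job": {"jarURI": "file:///var/run/secrets/kubernetes.io/serviceaccount/token"}}}}),
    json.dumps({"verb": "patch", "user": {"username": "tenant-b"}, "objectRef": {"resource": "flinksessionjobs"}, "requestObject": {"spec": {"job": {"jarURI": "https://169.254.169.254/latest/meta-data/"}}}}),
    json.dumps({"verb": "create", "user": {"username": "tenant-c"}, "objectRef": {"resource": "flinksessionjobs"}}),
]

if __name__ == "__main__":
    for user, uri, reason in flag_audit_events(SAMPLE_AUDIT):
        print("ALERT user=%s jarURI=%s: %s" % (user, uri, reason))
```

The same jar_uri_violation check can be expressed as a Kyverno or OPA Gatekeeper policy to reject the resource at admission time instead of only alerting after the fact.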
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.