An urgent security advisory details a critical vulnerability in Apache Flink, a widely used open-source framework for unified stream and batch processing.
Tracked officially as CVE-2026-35194, this critical-severity flaw allows authenticated attackers to achieve Remote Code Execution (RCE) on Flink TaskManagers.
Discovered by Yaswant Katakam of Confluent InfoSec, the vulnerability sits at the intersection of SQL injection and dynamic code generation, and it poses a severe risk to enterprise data architectures, multi-tenant streaming environments, and cloud-native analytics platforms.
As organizations increasingly rely on real-time data streaming for operational intelligence, fraud detection, and microservices communication, the underlying infrastructure has become a prime target for sophisticated threat actors.
CVE-2026-35194: Apache Flink RCE Vulnerability
To understand the severity of CVE-2026-35194, one must first understand how Apache Flink executes SQL queries for stream and batch analytics. To maximise throughput and minimise latency, Flink does not interpret SQL queries at runtime.
Instead, it relies on dynamic code generation. When a user submits a Flink SQL query, the planner translates the optimised relational plan into Java source code on the fly.
This generated source is then compiled and distributed to the TaskManagers, the worker nodes responsible for executing the data processing tasks.
The vulnerability resides in this translation layer. According to the disclosure, user-controlled strings are interpolated directly into the generated Java source without proper escaping or sanitization.
This is a classic injection pattern, but rather than manipulating a backend database query, the attacker is manipulating the Java source code that the application itself compiles and runs.
The flaw specifically manifests in two distinct SQL features:
- JSON Functions: Introduced in Flink version 1.15.0, these functions allow users to parse, query, and manipulate JSON payloads directly within Flink SQL.
- LIKE Expressions with ESCAPE clauses: Introduced in Flink version 1.17.0, this allows for pattern matching in string data with custom escape characters.
If a malicious user supplies a carefully crafted string to one of these features, it can break out of the string literal that the code generator wraps it in.
By terminating the literal prematurely (typically with a double quote, followed by a Java statement terminator) the attacker can append arbitrary Java statements. When the Flink runtime compiles the manipulated source, the injected payload becomes part of the code the TaskManager executes, with the privileges of that process.
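The following Python model of the bug class is an added example, not Flink's code generator or the actual vulnerable code path. A toy generator emits one Java statement for a LIKE ... ESCAPE comparison; the vulnerable variant splices the user-supplied literals straight into Java string literals, while the hardened variant escapes them first. The `like(...)` call, the `attackerCode()` placeholder and the payload are constructed for illustration, and the Java is never compiled: `count_statements` tokenizes it just far enough to show whether the input stayed inside its literal.

```python
"""Model of the code-generation injection class behind CVE-2026-35194.

Added example, not Flink code.  A toy generator emits a Java statement for a
LIKE ... ESCAPE comparison.  The vulnerable variant splices user-supplied
literals straight into Java string literals; the hardened variant escapes them
first.  The Java is never compiled; count_statements() tokenizes it only far
enough to show whether the input stayed inside its literal.
"""

# Characters that must be escaped before they can sit inside a Java "..."
# literal.  Other control characters are emitted as \uXXXX escapes.
_JAVA_ESCAPES = {
    "\\": "\\\\",
    '"': '\\"',
    "\n": "\\n",
    "\r": "\\r",
    "\t": "\\t",
}


def escape_java_literal(value: str) -> str:
    """Return `value` encoded so it is safe inside a Java string literal."""
    out = []
    for ch in value:
        if ch in _JAVA_ESCAPES:
            out.append(_JAVA_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def gen_like_vulnerable(pattern: str, escape: str) -> str:
    """Unsafe: raw interpolation into generated Java (the bug class)."""
    return 'result = like(input, "%s", "%s");' % (pattern, escape)


def gen_like_hardened(pattern: str, escape: str) -> str:
    """Safe: every user-controlled literal is escaped before interpolation."""
    return 'result = like(input, "%s", "%s");' % (
        escape_java_literal(pattern),
        escape_java_literal(escape),
    )


def count_statements(java_src: str) -> int:
    """Count ';' characters that occur outside string literals.

    A correctly generated comparison is exactly one statement; any extra
    statement was smuggled in through a user-controlled literal.
    """
    count = 0
    in_string = False
    i = 0
    while i < len(java_src):
        ch = java_src[i]
        if in_string:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == ";":
            count += 1
        i += 1
    return count


# Constructed payload: closes the Java literal, appends a statement, then
# reopens a literal so the rest of the generated line still parses.
# attackerCode() is a placeholder name, not a real Flink or Java API.
PAYLOAD = '"); attackerCode(); String pad = ("'


def demo() -> dict:
    """Generate both variants for the payload and count resulting statements."""
    vulnerable = gen_like_vulnerable("a%", PAYLOAD)
    hardened = gen_like_hardened("a%", PAYLOAD)
    return {
        "vulnerable_statements": count_statements(vulnerable),  # 3
        "hardened_statements": count_statements(hardened),      # 1
        "vulnerable_src": vulnerable,
        "hardened_src": hardened,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the model is the fix shape, not the payload: once every user-controlled value passes through a literal escaper, the quote and semicolon that the payload relies on are inert characters inside the literal, and the generated line stays a single statement regardless of input.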
Although CVE-2026-35194 is rated critical, exploitation requires specific preconditions: the attacker must be authenticated and must hold privileges to submit SQL queries to the Apache Flink cluster.
In modern enterprise environments, however, that prerequisite is not a steep barrier. Many organizations operate multi-tenant data platforms where data scientists, analysts, and downstream application developers are routinely granted query submission rights.
In such environments, CVE-2026-35194 is effectively a privilege escalation vector: a user with ostensibly limited, data-level access can turn it into code execution on the Flink TaskManagers, with whatever operating-system privileges the TaskManager process holds. Whether that also means escaping a container or reaching the underlying host depends on how the worker is deployed and hardened, not on the vulnerability itself.
Once the malicious Java code is compiled and executed by the TaskManager, the attacker achieves arbitrary code execution within the context of the Flink process. This opens the door to a myriad of post-exploitation scenarios.
The compromise of a Flink TaskManager node represents a critical breach of the data infrastructure perimeter. Because TaskManagers are responsible for actively processing data streams, the immediate impact includes:
- Massive Data Exfiltration: Attackers can intercept, copy, or modify sensitive data streams in real-time before they reach secure storage, bypassing traditional database security controls.
- Lateral Movement: TaskManagers operate within trusted network zones, often alongside Apache Kafka clusters, Hadoop Distributed File Systems (HDFS), cloud object stores (like AWS S3 or Azure Blob), and backend operational databases. An RCE on a TaskManager provides an ideal beachhead for pivoting deeper into the corporate network.
- Resource Hijacking: Big data clusters are highly resourced. Attackers can hijack the immense CPU and memory allocations of the Flink workers for illicit cryptomining operations or to launch distributed denial-of-service (DDoS) attacks against internal or external targets.
- Integrity Compromise: By altering the logic of stream processing, attackers can silently corrupt analytics pipelines, leading to poisoned business intelligence, flawed machine learning models, and incorrect automated decision-making.
Patch and Remediation
The Apache Flink community has responded by releasing security patches for its currently maintained release lines.
Because the vulnerability spans multiple major and minor version lineages (1.15.0 through 1.20.x and 2.0.0 through 2.2.0), administrators must carefully map their current deployments to the corresponding patched releases. Note that no fixed release exists for the 1.15 through 1.19 lines; clusters on those versions must move to 1.20.4 or to a patched 2.x release.
Vulnerable Versions:
- Apache Flink 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, and 1.20.0 to 1.20.3
- Apache Flink 2.0.0 to 2.0.1
- Apache Flink 2.1.0 to 2.1.1
- Apache Flink 2.2.0
Secured Versions (Upgrade Targets):
Administrators must immediately upgrade their clusters to one of the following secured versions:
- 1.20.4
- 2.0.2
- 2.1.2
- 2.2.1
If immediate patching is impossible because of change-freeze windows or dependency conflicts, security teams should apply compensating access controls: strictly audit and restrict who holds query submission privileges across every interface that accepts Flink SQL, and temporarily disable multi-tenant access if necessary.
In addition, monitor submitted SQL for anomalous use of JSON functions or LIKE ... ESCAPE clauses whose string arguments contain unusual characters or Java syntax (double quotes, backslashes, semicolons) at the network or application gateway level. Such monitoring is a detective control only; patching remains the sole definitive fix.
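As an added example of the kind of query monitoring just described (not a Flink feature and not detection logic from the advisory), the Python below scans submitted SQL text, such as SQL Gateway audit records, for LIKE ... ESCAPE literals and JSON-function string arguments that contain characters able to terminate a Java string literal or statement. The list of JSON function names watched, the sample queries and the `evil()` placeholder are assumptions made for the demonstration.

```python
"""Heuristic triage of submitted Flink SQL for CVE-2026-35194 breakout attempts.

Added example, not a Flink component.  Findings are leads for human review,
not proof of exploitation.
"""
import re

# Characters able to close a Java string literal or end a Java statement
# when interpolated unescaped into generated source.
BREAKOUT_CHARS = {'"', "\\", ";", "\n", "\r"}

# Assumed list of Flink SQL JSON function names worth watching.
JSON_FUNCS = ("JSON_VALUE", "JSON_QUERY", "JSON_EXISTS",
              "JSON_OBJECT", "JSON_ARRAY", "JSON_STRING")

# SQL single-quoted literal; a doubled '' inside it is an escaped quote.
_SQL_LITERAL = re.compile(r"'((?:[^']|'')*)'")
_ESCAPE_CLAUSE = re.compile(r"\bESCAPE\s+'((?:[^']|'')*)'", re.IGNORECASE)
_JSON_CALL = re.compile(r"\b(" + "|".join(JSON_FUNCS) + r")\s*\(", re.IGNORECASE)


def _unescape_sql(literal: str) -> str:
    return literal.replace("''", "'")


def _breakout_chars(value: str) -> list:
    """Sorted list of breakout characters present in a literal's value."""
    return sorted({ch for ch in value if ch in BREAKOUT_CHARS})


def _call_args(sql: str, open_paren: int) -> str:
    """Text between the parentheses of a call, honouring nesting and literals."""
    depth, in_lit, i = 0, False, open_paren
    while i < len(sql):
        ch = sql[i]
        if in_lit:
            if ch == "'":
                if i + 1 < len(sql) and sql[i + 1] == "'":
                    i += 1          # doubled quote stays inside the literal
                else:
                    in_lit = False
        elif ch == "'":
            in_lit = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return sql[open_paren + 1:i]
        i += 1
    return sql[open_paren + 1:]       # unbalanced call: take the remainder


def scan_statement(sql: str) -> list:
    """Return (feature, literal_value, breakout_chars) findings for one statement."""
    findings = []
    # LIKE ... ESCAPE: the escape literal should be a single, harmless character.
    for m in _ESCAPE_CLAUSE.finditer(sql):
        value = _unescape_sql(m.group(1))
        bad = _breakout_chars(value)
        if bad or len(value) != 1:
            findings.append(("LIKE_ESCAPE", value, bad))
    # JSON functions: every string-literal argument is user-controlled input
    # to the code generator.
    for m in _JSON_CALL.finditer(sql):
        args = _call_args(sql, m.end() - 1)
        for lit in _SQL_LITERAL.finditer(args):
            value = _unescape_sql(lit.group(1))
            bad = _breakout_chars(value)
            if bad:
                findings.append((m.group(1).upper(), value, bad))
    return findings


def scan_queries(queries) -> dict:
    """Map query index -> findings, for the queries that produced any."""
    results = {}
    for i, q in enumerate(queries):
        findings = scan_statement(q)
        if findings:
            results[i] = findings
    return results


# Constructed sample submissions; evil() is a placeholder, not a real call.
SAMPLE_QUERIES = [
    "SELECT name FROM users WHERE name LIKE 'a!%' ESCAPE '!'",
    "SELECT JSON_VALUE(payload, '$.user.id') FROM events",
    "SELECT * FROM t WHERE c LIKE 'x%' ESCAPE '\"); evil(); String p = (\"'",
    "SELECT JSON_QUERY(payload, '$.a\"); evil(); x(\"') FROM events",
    "SELECT JSON_VALUE(payload, '$.it''s') FROM events",
]

if __name__ == "__main__":
    for idx, findings in scan_queries(SAMPLE_QUERIES).items():
        for feature, value, bad in findings:
            print(f"query {idx}: {feature} literal {value!r} contains {bad}")
```

Expect false positives: a backslash is a common legitimate ESCAPE character and will be flagged, and legitimate JSON path arguments can contain double quotes. Treat hits as triage input, tune the character set to the workload, and keep the control in front of every SQL submission path rather than one gateway.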
FAQ
What is CVE-2026-35194?
It is a critical Remote Code Execution vulnerability in Apache Flink caused by improper escaping of user input during dynamic Java code generation.
Which versions of Apache Flink are affected by this vulnerability?
The flaw impacts Flink versions 1.15.0 through 1.20.3, and versions 2.0.0 through 2.2.0.
How does an attacker exploit this Flink vulnerability?
An authenticated user with query privileges can inject malicious Java expressions via SQL JSON functions or LIKE clauses to execute arbitrary code on TaskManagers.
What is the recommended fix for CVE-2026-35194?
Administrators must immediately upgrade their Flink deployments to the patched versions: 1.20.4, 2.0.2, 2.1.2, or 2.2.1.
Site: thecybrdef.com