Apache Flink
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Flink.
Known Exploited Apache Flink Vulnerabilities
The following Apache Flink vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apache Flink Improper Access Control Vulnerability |
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface. CVE-2020-17519 Exploit Probability: 94.4% |
May 23, 2024 |
The vulnerability CVE-2020-17519: Apache Flink Improper Access Control Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 0 vulnerabilities in Apache Flink. Flink did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Flink vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Flink Security Vulnerabilities
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well)
CVE-2020-17519
7.5 - High
- January 05, 2021
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
Files or Directories Accessible to External Parties
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Flink or by Apache? Click the Watch button to subscribe.
