CVE-2026-41041

medium Apache
EPSS Score
0.2%
Exploitation probability in 30 days
Top 88% most likely to be exploited
Published: July 13, 2026 (0 days ago)
Last Modified: July 13, 2026
Vendor: Apache
Source: MITRE

Description

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue.

CWE

CWE-177

Affected Products

Apache Software Foundation Apache Gravitino

References