Orchestration

vulnerabilities 2026-04-06
CVE-2026-34612: Kestra SQL Injection Chains to Host RCE via PostgreSQL COPY TO PROGRAM
Critical CVSS 9.9 flaw in Kestra orchestration platform lets authenticated attackers chain SQL injection through PostgreSQL COPY TO PROGRAM for arbitrary command execution on the Docker host.
cve sql-injection rce container-escape postgresql orchestration docker

CVE-2026-34612: Kestra SQL Injection Chains to Host RCE via PostgreSQL COPY TO PROGRAM