CVE-2026-41041
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0
CVSS
9.1
Critical
EPSS
0.6%
p44
KEV
—
Exploit Today
13
0-100
Published: Jul 13, 2026 · Last modified: Jul 13, 2026 · CWE-177
0.2%EPSS · 30 days0.6%
2026-07-132026-07-17
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue.