PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53577 kestra-io CVE debrief

CVE-2026-53577 is a MEDIUM severity vulnerability in Kestra, an open-source, event-driven orchestration platform. The vulnerability exists in the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview), where an access control bypass allows any authenticated user to read output files from any other execution within the same tenant. This bypasses execution-level and namespace-level isolation. The vulnerability is fixed in versions 1.0.45 and 1.3.21 of Kestra.

Vendor: kestra-io
Product: kestra
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-26
Original CVE updated: 2026-06-29
Advisory published: 2026-06-26
Advisory updated: 2026-06-29

Who should care

Users of Kestra, especially those with multi-tenant environments, should be aware of this vulnerability. Authenticated users within the same tenant can exploit this to access unauthorized execution output files. Administrators and security teams responsible for Kestra deployments should prioritize patching to versions 1.0.45 or 1.3.21.

Technical summary

The previewFileFromExecution endpoint in Kestra's API allows an authenticated user to preview files from executions. However, due to an access control bypass, this endpoint does not properly enforce execution-level and namespace-level isolation. As a result, any authenticated user can read output files from any other execution within the same tenant. This vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. The issue is addressed in Kestra versions 1.0.45 and 1.3.21.

Defensive priority

Patching to versions 1.0.45 or 1.3.21 is highly recommended. In the interim, restricting access to the previewFileFromExecution endpoint and closely monitoring API usage for suspicious activity can help mitigate the risk.

Recommended defensive actions

  • Patch Kestra to version 1.0.45 or 1.3.21
  • Restrict access to the previewFileFromExecution endpoint
  • Monitor API usage for suspicious activity
  • Review and update access controls for Kestra executions
  • Perform regular security audits on Kestra deployments
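The monitoring action above is easiest to act on with a concrete check. The script below is an added example, not code from Kestra or from this debrief: it reads API access log lines and flags successful calls to the file preview endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) made by a user other than the one who launched that execution. The log format, the usernames, the execution ids and the ownership table are all constructed for the example; in a real deployment the ownership table would have to be built from your own execution records, and the log format adjusted to whatever your reverse proxy or Kestra deployment actually emits.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (not real Kestra output). Assumed format:
# <timestamp> <user> <method> <path> <status>
SAMPLE_LOG = """\
2026-06-27T10:00:01Z alice GET /api/v1/main/executions/exec-0001/file/preview?path=out.csv 200
2026-06-27T10:00:05Z alice GET /api/v1/main/executions/exec-0002/file/preview?path=out.csv 200
2026-06-27T10:01:10Z bob GET /api/v1/main/executions/exec-0002/file/preview?path=out.csv 200
2026-06-27T10:01:12Z bob GET /api/v1/main/executions/exec-0003/file/preview?path=report.json 200
2026-06-27T10:02:00Z bob GET /api/v1/main/executions/exec-0004/file/preview?path=secret.txt 200
2026-06-27T10:03:00Z carol GET /api/v1/other/executions/exec-0009/file/preview?path=x 200
2026-06-27T10:03:30Z alice GET /api/v1/main/flows 200
"""

# Constructed ownership table: execution id -> (launching user, namespace).
# Assumption: in practice this is derived from your own Kestra execution records.
EXECUTION_OWNERS = {
    "exec-0001": ("alice", "team-a"),
    "exec-0002": ("alice", "team-a"),
    "exec-0003": ("bob", "team-b"),
    "exec-0004": ("dave", "finance"),
    "exec-0009": ("carol", "other-ns"),
}

# Matches only the preview endpoint named in the advisory; the query string is optional.
PREVIEW_RE = re.compile(
    r"^(\S+) (\S+) (\S+) /api/v1/([^/]+)/executions/([^/]+)/file/preview(?:\?\S*)? (\d{3})$"
)


def parse_preview_requests(log_text):
    """Yield (timestamp, user, tenant, execution_id, status) for each preview call."""
    for line in log_text.splitlines():
        m = PREVIEW_RE.match(line)
        if m:
            ts, user, _method, tenant, exec_id, status = m.groups()
            yield ts, user, tenant, exec_id, int(status)


def find_cross_execution_reads(log_text, owners):
    """Return successful preview calls where the caller did not launch the execution.

    Executions missing from the ownership table are skipped rather than flagged,
    so the output only contains findings the table can actually support.
    """
    findings = []
    for ts, user, tenant, exec_id, status in parse_preview_requests(log_text):
        owner, namespace = owners.get(exec_id, (None, None))
        if status == 200 and owner is not None and owner != user:
            findings.append({
                "timestamp": ts,
                "user": user,
                "tenant": tenant,
                "execution": exec_id,
                "owner": owner,
                "namespace": namespace,
            })
    return findings


def summarize_by_user(findings):
    """Count distinct foreign executions previewed per user, for triage ordering."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["user"]].add(f["execution"])
    return {user: len(execs) for user, execs in seen.items()}


if __name__ == "__main__":
    hits = find_cross_execution_reads(SAMPLE_LOG, EXECUTION_OWNERS)
    for h in hits:
        print(f"{h['timestamp']} {h['user']} read {h['execution']} "
              f"(owner {h['owner']}, namespace {h['namespace']})")
    print(summarize_by_user(hits))
```

On the constructed data the script reports two reads by bob of executions launched by other users (one in a different namespace), which is exactly the pattern the bypass permits; a one-off cross-user preview may be legitimate in teams that share executions, so the per-user summary is meant for triage, not as a hard alert on its own.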

Evidence notes

The CVE-2026-53577 vulnerability is documented in the official CVE record and the NVD database. Additional information is available from the Kestra security advisory on GitHub. The vulnerability allows authenticated users to bypass access controls and read output files from other executions within the same tenant.

Official resources

This article is AI-assisted and based on the supplied source corpus.