CVE-2026-55069 is a high-severity vulnerability in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker with read access to the PostgreSQL database can exploit this vulnerability to recover the administrator password offline, because SHA-512 is fast to compute. In Kubernetes deployments, a successful crack enables reading of the cluster ServiceAccount Token [truncated]
CVE-2026-45807 is a high-severity vulnerability in Kestra, an open-source, event-driven orchestration platform. The vulnerability exists in several Kestra API endpoints that accept a kestra:// URI from clients and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. An authenticated user can exploit this vulnerability to read any file on [truncated]