CVE-2026-49869: Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, `AuthenticationFilter` in Kestra OSS uses `request.getPath().endsWith("/configs")` to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match, any API path whose last segment is `configs` bypasses authentication entirely. An unauthenticated remote attacker can exploit this to create and execute arbitrary workflows without credentials. Because Kestra ships with script execution plugins (plugin-script-shell, plugin-script-python, etc.) enabled by default, this directly results in unauthenticated Remote Code Execution as root inside the Kestra worker container. This vulnerability is fixed in 1.0.45 and 1.3.21.
Metrics
- CVSS v3.1: 10.0
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an authentication bypass vulnerability in Kestra, an open-source workflow orchestration platform. A remote attacker with no credentials can exploit a flawed suffix-match path check in AuthenticationFilter to reach any API endpoint whose path ends with "/configs", bypassing Basic Auth entirely. Successful exploitation gives the attacker the ability to create and execute arbitrary workflows, which translates directly to unauthenticated remote code execution as root inside the Kestra worker container because script execution plugins are enabled by default. No fix versions have been published yet; HarborGuard is tracking the upstream advisory and will make a patched-image rebuild available the moment a fix is released.
HarborGuard Coverage
Detection of CVE-2026-49869 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images that bundle Kestra or its worker components.
Status: Available
Triage is available using the CVSS v3.1 base score of 10.0 (Critical), weighted against each customer organization's per-environment compliance policy; the resulting alert is routed to the inbox or ticketing integration configured for that org so the right team sees it immediately.
Status: Available
Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment versions 1.0.45 or 1.3.21 (or later) are released upstream. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be initiated without manual intervention once the fix is available.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
The attacker must reach the Kestra API service over the network; any internet- or LAN-exposed Kestra instance is in scope.
- Authentication: Not required
No credentials of any kind are needed; the suffix-match bypass in `AuthenticationFilter` allows fully unauthenticated access to protected API endpoints.
- Victim interaction: Not required
The attack is fully server-side and requires no action from any user or administrator.
- Attack complexity
Exploitation is reliable and condition-free; the attacker simply crafts a request path ending in "/configs" and the filter bypass is consistently triggered.
Blast Radius
- The attacker executes arbitrary operating-system commands as root inside the Kestra worker container, giving full control of that container environment.
- All secrets, environment variables, and mounted credentials visible to the worker process are readable by the attacker.
- The attacker can create, modify, or delete Kestra workflows and their stored state, corrupting orchestration logic and persisted job data.
- Depending on network posture and mounted volumes, the attacker can pivot from the worker container to adjacent services or storage backends accessible from within the cluster.
How HarborGuard Handles This
Available on HarborGuard: because no upstream patch exists at this time, HarborGuard continuously re-checks the Kestra advisory on every feed ingest cycle and will surface a patched-image rebuild the moment versions 1.0.45 or 1.3.21 are published. For customers with auto-remediation enabled, the rebuild plus a regression-test run and a PR against affected workloads will be triggered automatically with no manual steps required. While awaiting a fix, compensating controls worth considering include:
- Isolating Kestra API endpoints behind a network policy that restricts inbound access to trusted source CIDRs only.
- Placing an authenticating reverse proxy or API gateway in front of the Kestra service to enforce credential checks independently of `AuthenticationFilter`.
- Disabling or removing script execution plugins (plugin-script-shell, plugin-script-python, and similar) from worker images where those capabilities are not operationally required, which removes the direct path to remote code execution even if the authentication bypass is reached.
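To make the root cause concrete, the following is an added illustration written for this page; it is not Kestra's source and does not use Kestra's or Micronaut's classes. It models the allowlist decision in two forms: the suffix match the advisory describes (`isPublicLegacy`) and an exact match against a normalised path allowlist (`isPublicFixed`). It also includes a small triage helper that, given request paths from access logs, flags those the suffix rule would have admitted but an exact rule would not, which is useful for reviewing traffic to an exposed instance while the compensating controls above are in place. The endpoint path `/api/v1/configs`, the class and method names, and the sample paths are all assumptions or constructed values, not taken from the advisory.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/**
 * Simplified model of the allowlist check behind CVE-2026-49869.
 * Illustrative code for this page only; not Kestra's implementation.
 */
public class ConfigsAllowlist {

    // ASSUMED placeholder for the public configuration endpoint; the advisory
    // only states that its path ends in "/configs".
    static final String PUBLIC_CONFIG_PATH = "/api/v1/configs";

    // Hypothetical exact-match allowlist of paths that may skip Basic Auth.
    static final Set<String> PUBLIC_PATHS = Set.of(PUBLIC_CONFIG_PATH);

    /** Vulnerable behaviour as described: any path ending in "/configs" is treated as public. */
    static boolean isPublicLegacy(String path) {
        return path.endsWith("/configs");
    }

    /** Hardened behaviour: normalise the path, then require an exact allowlist match. */
    static boolean isPublicFixed(String path) {
        return PUBLIC_PATHS.contains(normalize(path));
    }

    /**
     * Canonicalise a request path before comparison so that equivalent spellings
     * (duplicate or trailing slashes, an attached query string) cannot dodge an
     * exact match. Works on the raw path string only.
     */
    static String normalize(String path) {
        int q = path.indexOf('?');
        if (q >= 0) {
            path = path.substring(0, q);
        }
        path = path.replaceAll("/{2,}", "/");
        while (path.length() > 1 && path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        return path;
    }

    /**
     * Defender-side triage: return the request paths the suffix rule would have
     * let through without credentials that the exact rule would have rejected.
     */
    static List<String> flagBypassCandidates(List<String> requestPaths) {
        List<String> flagged = new ArrayList<>();
        for (String p : requestPaths) {
            if (isPublicLegacy(p) && !isPublicFixed(p)) {
                flagged.add(p);
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        // Constructed sample paths; not real traffic.
        List<String> sample = List.of(
            PUBLIC_CONFIG_PATH,            // genuine public endpoint: allowed by both rules
            "/api/v1/flows",               // protected endpoint: rejected by both rules
            "/api/v1/flows/configs",       // ends in "/configs" but is not the public endpoint
            "/api/v1/configs/"             // trailing slash: exact rule normalises it, suffix rule rejects it
        );
        System.out.println("legacy admits public path: " + isPublicLegacy(PUBLIC_CONFIG_PATH));
        System.out.println("fixed admits public path:  " + isPublicFixed(PUBLIC_CONFIG_PATH));
        System.out.println("fixed admits trailing slash variant: " + isPublicFixed("/api/v1/configs/"));
        System.out.println("bypass candidates: " + flagBypassCandidates(sample));
    }
}
```

The point of `normalize` is that replacing a suffix match with a naive string equality is not enough on its own: the allowlisted path must be compared in canonical form, otherwise harmless-looking variants of the public path are rejected while the comparison remains brittle. The triage helper intentionally applies the legacy rule to the raw path, because that is how the vulnerable filter saw it.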
- kestra-io/kestra: < 1.0.45; >= 1.1.0, < 1.3.21
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H