CVE-2026-53576: Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. Kestra addresses its resources by URL path segments that the caller chooses (/api/v1/{tenant}/flows/{namespace}, /api/v1/{tenant}/executions/{namespace}/{id}, /api/v1/{tenant}/namespaces/{namespace}/kv/{key}). An anonymous caller picks the literal string configs as the final segment, and the request bypasses Basic Auth entirely. Because the bypass reaches the flow-create and execution-trigger routes, an unauthenticated caller creates a flow containing a Shell or Process task and runs it. The task executes as root inside the Kestra container. The official docker-compose.yml mounts /var/run/docker.sock, so root in the container reaches the host Docker daemon. This vulnerability is fixed in 1.0.45 and 1.3.21.
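The filter logic described above, modelled as a detection helper for access logs (an added example, not Kestra's own code or the upstream patch): `is_public_vulnerable` reproduces the advisory's suffix rule, `is_public_fixed` is an assumed exact-match replacement, and `find_bypass_attempts` flags requests that only the suffix rule would let through. The log lines, IPs, tenant `main` and namespace `myns` are constructed sample data.

```python
import re

# Constructed sample access-log lines (combined log format); not from a real deployment.
SAMPLE_LOG = """\
203.0.113.7 - - [02/May/2026:10:01:12 +0000] "GET /api/v1/configs HTTP/1.1" 200 512
203.0.113.7 - - [02/May/2026:10:01:13 +0000] "POST /api/v1/main/flows/configs HTTP/1.1" 200 84
203.0.113.7 - - [02/May/2026:10:01:14 +0000] "POST /api/v1/main/executions/myns/configs HTTP/1.1" 200 120
198.51.100.9 - - [02/May/2026:10:02:00 +0000] "GET /api/v1/main/flows/myns HTTP/1.1" 401 0
198.51.100.9 - - [02/May/2026:10:02:01 +0000] "GET /api/v1/main/namespaces/myns/kv/configs HTTP/1.1" 200 33
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The only endpoint the filter is meant to exempt from authentication.
PUBLIC_CONFIG_PATH = "/api/v1/configs"


def _strip_query(path: str) -> str:
    return path.split("?", 1)[0]


def is_public_vulnerable(path: str) -> bool:
    """Pre-fix rule as the advisory describes it: any /api/v1/** path ending in /configs is public."""
    return path.startswith("/api/v1/") and _strip_query(path).endswith("/configs")


def is_public_fixed(path: str) -> bool:
    """Assumed hardened rule (not Kestra's actual patch): exempt only the exact public endpoint."""
    return _strip_query(path) == PUBLIC_CONFIG_PATH


def find_bypass_attempts(log_text: str) -> list[dict]:
    """Return requests the suffix rule waves through but the exact-match rule would still authenticate."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        path = m["path"]
        if is_public_vulnerable(path) and not is_public_fixed(path):
            hits.append({"ip": m["ip"], "method": m["method"], "path": path, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(f"suspicious /configs suffix: {hit['ip']} {hit['method']} {hit['path']} -> {hit['status']}")
```

A 200 on one of the flagged paths from a pre-fix version is the signal to look for; the genuine /api/v1/configs call is deliberately not flagged.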
Metrics
- CVSS v3.1: 10.0
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an authentication bypass leading to unauthenticated remote code execution in Kestra, the open-source event-driven workflow orchestration platform. The vulnerability is reachable over the network with no credentials required and no victim interaction needed: an attacker crafts a URL whose final path segment is the literal string 'configs', which tricks the authentication filter into skipping the credential check entirely. A successful attacker creates an arbitrary workflow containing a Shell or Process task, triggers its execution as root inside the Kestra container, and because the official Docker Compose setup mounts the Docker socket, the attacker gains full control of the underlying host. Fix versions 1.0.45 and 1.3.21 have been published; a patched-image rebuild is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Kestra images, in both registry scans and active CI/CD pipeline checks. Any image shipping a Kestra version below 1.0.45 or between 1.1.0 and 1.3.21 is flagged immediately.
Status: Available
HarborGuard surfaces this finding with the CVSS v3.1 base score of 10.0 (Critical) and applies each customer organization's own compliance policy weighting to determine urgency tier and routing. The resulting alert is sent to the inbox or ticketing integration configured for the affected environment within that organization.
Status: Available
A patched-image rebuild targeting Kestra 1.0.45 or 1.3.21 becomes available on HarborGuard as soon as an affected image is identified. For customers who opt into auto-remediation, HarborGuard runs a regression test suite against the rebuilt image and opens a pull request against the affected workload; for Critical-severity issues, the median time from CVE publication to merged patch PR in auto-remediation environments is around 90 minutes.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Kestra REST API over the network; no local or physical access is needed.
- Authentication: Not required
  No credentials are needed; the path-suffix filter bypass forwards the request before any credential check occurs.
- Victim interaction: Not required
  The attack is fully automated and requires no action from any user or administrator of the target system.
- Attack complexity
  Exploitation is straightforward and condition-free: the attacker simply appends the literal segment 'configs' to a targeted API path, making the exploit reliable and repeatable.
Blast Radius
- The attacker executes arbitrary shell commands as root inside the Kestra container, giving full read and write access to all files, secrets, and environment variables in that container.
- Because the official Docker Compose setup mounts /var/run/docker.sock, root in the container reaches the host Docker daemon and can launch, inspect, or destroy any container on the host.
- The attacker reads all workflow definitions, stored credentials, and namespace key-value secrets managed by the Kestra instance.
- The attacker modifies or deletes existing workflows and execution history, disrupting all scheduled and event-driven orchestration running on the platform.
How HarborGuard Handles This
Available on HarborGuard: this CVE carries a CVSS score of 10.0 Critical, so it is assigned the highest urgency tier in every environment where a matching image is found. For customers who opt into auto-remediation, HarborGuard rebuilds the affected image at Kestra 1.0.45 or 1.3.21, runs regression tests, and opens a pull request against the affected workload; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, HarborGuard raises a prioritized alert routed to the team inbox or ticketing system configured for that environment. Because the Docker socket mount is a critical amplifying factor, customers who cannot patch immediately should consider compensating controls such as removing or restricting the /var/run/docker.sock bind mount, applying a Kubernetes or Docker network policy to block unauthenticated external access to the Kestra API port, and enabling egress filtering to limit what the Kestra container can reach on the host network.
- kestra-io / kestra: < 1.0.45 · >= 1.1.0, < 1.3.21
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H