CVE-2026-53576 in kestrainfo

Summary

by MITRE • 06/27/2026

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. Kestra addresses its resources by URL path segments that the caller chooses (/api/v1/{tenant}/flows/{namespace}, /api/v1/{tenant}/executions/{namespace}/{id}, /api/v1/{tenant}/namespaces/{namespace}/kv/{key}). An anonymous caller picks the literal configs as the final segment, and the request bypasses Basic-Auth entirely. Because the bypass reaches the flow-create and execution-trigger routes, an unauthenticated caller creates a flow containing a Shell or Process task and runs it. The task executes as root inside the kestra container. The official docker-compose.yml mounts /var/run/docker.sock, so root in the container reaches the host Docker daemon. This vulnerability is fixed in 1.0.45 and 1.3.21.


Analysis

by VulDB Data Team • 06/27/2026

The vulnerability in the Kestra orchestration platform affects versions prior to 1.0.45 and 1.3.21. It is a critical authentication bypass in the REST API authentication filter that gives unauthorized access to sensitive system resources. The weakness lies in the @Filter("/api/v1/**") mechanism that governs access control for the platform's API: any request whose path ends in /configs is treated as the public instance-configuration endpoint regardless of authentication status.

The flaw stems from improper path segment handling in the authentication filtering logic: the filter does not validate endpoint access against the complete URL structure. When an attacker constructs a request whose path ends in /configs, the filter identifies it as the legitimate public endpoint and skips credential verification entirely. This happens because the platform's resource addressing uses URL path segments that callers choose freely, so a specific path ending can be made to coincide with routes for sensitive operations.
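To make the filter defect described in the summary and in the paragraph above concrete, here is an added Python example (not Kestra's own code, which is Java/Micronaut): it contrasts the suffix rule the advisory describes with an exact-match allow-list, and runs a small detector over constructed log lines to surface unauthenticated requests that the suffix rule would have admitted. The exact public endpoint path /api/v1/configs and the access-log format are assumptions.

```python
import re

# Assumption: the genuinely public instance-config endpoint is exactly this path; the
# advisory only calls it "the public instance-config endpoint", so adjust for your deployment.
PUBLIC_CONFIG_PATH = "/api/v1/configs"

def is_public_vulnerable(path: str) -> bool:
    """Suffix rule the advisory describes: anything ending in /configs is treated as public,
    so a caller-chosen {namespace} or {key} segment literally named 'configs' also matches."""
    return path.rstrip("/").endswith("/configs")

def is_public_fixed(path: str) -> bool:
    """Exact-match allow-list: only the instance-config endpoint itself skips authentication."""
    return path.rstrip("/") == PUBLIC_CONFIG_PATH

def requires_auth(path: str, fixed: bool = True) -> bool:
    """What the filter decides for a request path under the fixed or the vulnerable rule."""
    return not (is_public_fixed(path) if fixed else is_public_vulnerable(path))

# Constructed, simplified access-log format: client "METHOD path" status auth=<scheme|none>.
# Adapt the regex to what your reverse proxy or Kestra's request log actually emits.
LOG_LINE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) auth=(?P<auth>\w+)$')

def find_suspicious(log_lines):
    """Unauthenticated requests the suffix rule admits that are not the real public endpoint:
    on an unpatched instance these are the bypass-shaped requests to investigate."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not match the assumed format
        path = m.group("path").split("?", 1)[0]  # compare the path without its query string
        if m.group("auth") == "none" and is_public_vulnerable(path) and not is_public_fixed(path):
            hits.append((m.group("ip"), m.group("method"), path))
    return hits

# Constructed sample lines; entries 2 and 4 use 'configs' as a caller-chosen path segment.
SAMPLE_LOG = [
    '10.0.0.5 "GET /api/v1/configs" 200 auth=none',
    '10.0.0.7 "POST /api/v1/main/flows/configs" 200 auth=none',
    '10.0.0.7 "GET /api/v1/main/flows/configs/my-flow" 401 auth=none',
    '10.0.0.9 "GET /api/v1/main/namespaces/prod/kv/configs?x=1" 200 auth=none',
    '10.0.0.2 "GET /api/v1/main/flows/prod" 200 auth=basic',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("bypass-shaped request:", hit)
```

The same predicate pair also serves as a regression check for the patched filter: under the exact-match rule every caller-chosen segment named configs still requires credentials.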

The operational impact of this vulnerability is severe and directly exploitable by any anonymous user who can access the REST API. Attackers can leverage this bypass to reach critical routes including flow creation and execution triggering functionality, enabling them to deploy malicious workflows containing Shell or Process tasks that execute with elevated privileges within the container environment. The root-level execution context within the kestra container presents a significant escalation path since the official docker-compose.yml configuration mounts the host's /var/run/docker.sock volume, allowing containerized processes to directly interact with and control the host Docker daemon.

This vulnerability maps to CWE-287 (Improper Authentication) and represents a direct violation of the principle of least privilege, as it allows unauthorized access to administrative functions through path-based misconfiguration. The ATT&CK framework categorizes this as Privilege Escalation through Application Misconfiguration, specifically targeting the T1548.003 technique for Abuse of Cloud Infrastructure. The attack chain begins with initial access through the public API endpoint and progresses to container breakout and host-level compromise, making it particularly dangerous in containerized deployment environments where such privilege escalation can lead to complete system compromise.

The security implications extend beyond immediate unauthorized workflow execution, as this vulnerability enables persistent access to the orchestration platform's core functionality. Attackers can create malicious flows that execute arbitrary commands, potentially leading to data exfiltration, system modification, or further exploitation of compromised infrastructure. The fix implemented in versions 1.0.45 and 1.3.21 addresses the root cause by correcting the authentication filter logic to properly validate all endpoint requests regardless of path segment endings, ensuring that sensitive operations requiring authentication are appropriately protected against unauthorized access attempts.

Responsible

GitHub M

Reservation

06/09/2026

Disclosure

06/27/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low
