Kestra is a technology platform tracked across 1 threat cluster and 2 intelligence report mentions on ThreatCluster. First observed April 4, 2026; most recent activity April 4, 2026.
A critical SQL Injection vulnerability, identified as CVE-2026-34612, affects Kestra versions prior to 1.3.7. This vulnerability exists in the GET /api/v1/main/flows/ endpoint of the default Docker Compose deployment,…