Nifi
This hub aggregates every CVE we track for Nifi, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 50
- Critical: 3
- High: 24
- In CISA KEV: 0
Severity distribution
- HIGH: 24
- MEDIUM: 23
- CRITICAL: 3
Monthly trend (chart, 2024-08 to 2026-07)
Latest CVEs
The 15 most recently published vulnerabilities affecting Nifi.
- CVE-2026-44914 | Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents | 7.2
- CVE-2026-44911 | Apache NiFi: Incorrect Authorization for Configuration Verification Requests | 6.3
- CVE-2026-44913 | Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL | 7.2
- CVE-2026-54665 | Apache NiFi: Missing Validation for Proxy Host Headers | 5.3
- CVE-2026-39816 | Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService | 8.8
- CVE-2026-25903 | Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates | 8.4
- CVE-2025-66524 | Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor | 8.8
- CVE-2025-27017 | Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record | 6.5
- CVE-2024-56512 | Apache NiFi: Missing Complete Authorization for Parameter and Service References | 5.4
- CVE-2024-52067 | Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log | 4.9
- CVE-2024-45477 | Apache NiFi: Improper Neutralization of Input in Parameter Description | 4.6
- CVE-2024-37389 | Apache NiFi: Improper Neutralization of Input in Parameter Context Description | 4.6
- CVE-2023-49145 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt | 7.9
- CVE-2023-40037 | Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs | 6.5
- CVE-2023-36542 | Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources | 8.8
Product normalization is registry-driven with AI assist and human review.