{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "cpe": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*",
            "extracted_events": [
              {
                "introduced": "4.0.0"
              },
              {
                "fixed": "5.0.4"
              }
            ],
            "source": "CPE_RANGE"
          },
          "events": [
            {
              "introduced": "aa6d582c0a96fdf31e85791f86850cfc00a7644f"
            },
            {
              "fixed": "193da6269b622add8738ecacc932b37cb205a8c7"
            }
          ],
          "repo": "https://github.com/apache/kylin",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "apache",
    "cwe_ids": [
      "CWE-280"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/62xxx/CVE-2026-62393.json",
    "unresolved_ranges": [
      {
        "extracted_events": [
          {
            "introduced": "4"
          },
          {
            "last_affected": "5.0.3"
          }
        ],
        "source": "AFFECTED_FIELD"
      },
      {
        "extracted_events": [
          {
            "introduced": "4"
          },
          {
            "fixed": "5.0.3"
          }
        ],
        "source": "DESCRIPTION"
      }
    ]
  },
  "details": "Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\n\nThis issue affects Apache Kylin: from 4 through 5.0.3.\n\nUsers are recommended to upgrade to version 5.0.4, which fixes the issue.",
  "id": "CVE-2026-62393",
  "modified": "2026-07-17T03:41:56.974389416Z",
  "published": "2026-07-14T12:19:27.705Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/07/14/6"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/62xxx/CVE-2026-62393.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-62393"
    }
  ],
  "schema_version": "1.8.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Kylin: Improper authorization in job information retrieval"
}