CVE-2022-26112: Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support in Apache Software Foundation Apache Pinot
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0
AI Analysis
Technical Summary
CVE-2022-26112 is a critical remote code execution vulnerability affecting Apache Pinot versions 0.10.0 and earlier. Apache Pinot is an open-source distributed data store designed for real-time analytics. The vulnerability arises from the support of Groovy functions within the Pinot query endpoint and the real-time ingestion layer. Groovy is a powerful scripting language for the Java platform, and its integration allows dynamic execution of scripts. However, in unprotected environments where access controls are insufficient or absent, this feature can be exploited by unauthenticated attackers to execute arbitrary code remotely. This is due to improper input validation and unsafe deserialization associated with Groovy function support, classified under CWE-94 (Improper Control of Generation of Code). The vulnerability has a CVSS v3.1 score of 9.8, indicating critical severity with network attack vector, no required privileges, no user interaction, and full impact on confidentiality, integrity, and availability. The Apache Software Foundation addressed this issue by disabling Groovy function support by default starting with Apache Pinot 0.11.0. Organizations running vulnerable versions without proper network segmentation or access controls are at significant risk of compromise, including data breaches, service disruption, and full system takeover.
Potential Impact
For European organizations, the impact of CVE-2022-26112 can be severe, especially for those relying on Apache Pinot for real-time analytics and data processing. Exploitation could lead to unauthorized data access, manipulation, or deletion, undermining data integrity and confidentiality. Given the critical nature of the vulnerability, attackers could disrupt business operations by causing denial of service or deploying ransomware or other malware. Organizations in sectors such as finance, telecommunications, healthcare, and government, which often process sensitive or regulated data, face heightened risks including regulatory penalties under GDPR if data breaches occur. Additionally, the real-time nature of Pinot deployments means that exploitation could affect live data streams, causing immediate operational impact. The lack of authentication and user interaction requirements makes this vulnerability particularly dangerous in exposed environments, increasing the likelihood of automated attacks and widespread exploitation if unmitigated.
Mitigation Recommendations
1. Upgrade Apache Pinot to version 0.11.0 or later, where Groovy function support is disabled by default, effectively mitigating this vulnerability.
2. If upgrading is not immediately feasible, disable Groovy function support manually in the configuration to prevent exploitation.
3. Restrict network access to Pinot query endpoints and ingestion layers using firewalls, VPNs, or network segmentation to limit exposure to trusted users and systems only.
4. Implement strict access controls and authentication mechanisms around Pinot services to prevent unauthorized access.
5. Monitor logs and network traffic for unusual query patterns or unexpected Groovy script executions that may indicate exploitation attempts.
6. Conduct regular security assessments and penetration testing focused on Pinot deployments to identify and remediate potential weaknesses.
7. Educate DevOps and security teams about the risks associated with enabling scripting features in data platforms and enforce secure configuration baselines.
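A detection check of the kind item 5 describes, added here as an example that is not part of the advisory or of the Pinot project: it scans constructed broker query log lines for invocations of the Groovy transform function and pulls out the script argument for analyst triage. It assumes the function is invoked in Pinot SQL as `groovy(...)` with the script as its second quoted argument, and that each log line has the form `<timestamp> <client> <sql>`.

```python
import re
from typing import List, Dict

# Constructed sample log lines of the form "<timestamp> <client> <sql>".
# They are made up for this example; real Pinot broker log formats differ.
SAMPLE_LOG = """\
2025-05-27T14:58:20Z 10.0.0.5 SELECT count(*) FROM orders WHERE status = 'shipped'
2025-05-27T14:58:21Z 10.0.0.9 SELECT groovy('{"returnType":"INT","isSingleValue":true}', 'arg0 + 1', qty) FROM orders
2025-05-27T14:58:22Z 10.0.0.9 select GROOVY ( '{"returnType":"STRING","isSingleValue":true}', 'arg0.toUpperCase()', name ) from users
2025-05-27T14:58:23Z 10.0.0.5 SELECT groovy_score FROM models WHERE note = 'groovy(not a call)'
"""

# Match the function name as a whole word followed by "(" (whitespace allowed),
# case-insensitively, but not when it is part of a longer identifier such as groovy_score.
GROOVY_CALL = re.compile(r"(?<![\w.])groovy\s*\(", re.IGNORECASE)

def strip_string_literals(sql: str) -> str:
    """Blank out single-quoted SQL string literals so text inside them cannot trigger a match.
    Offsets stay stable because each literal is replaced by spaces of the same length."""
    return re.sub(r"'(?:[^']|'')*'", lambda m: "'" + " " * (len(m.group(0)) - 2) + "'", sql)

def find_groovy_calls(sql: str) -> List[int]:
    """Return the start offsets of every groovy(...) invocation in a SQL statement."""
    return [m.start() for m in GROOVY_CALL.finditer(strip_string_literals(sql))]

def extract_script(sql: str, start: int) -> str:
    """Return the Groovy script (second quoted argument) of the call that begins at `start`."""
    literals = re.findall(r"'((?:[^']|'')*)'", sql[start:])
    return literals[1].replace("''", "'") if len(literals) > 1 else ""

def scan_log(log_text: str) -> List[Dict[str, str]]:
    """Parse each "<timestamp> <client> <sql>" line and report Groovy invocations found."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue  # malformed or empty line; skip rather than fail
        ts, client, sql = parts
        for start in find_groovy_calls(sql):
            findings.append({"time": ts, "client": client, "script": extract_script(sql, start)})
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['time']} {finding['client']} groovy script: {finding['script']!r}")
```

The fourth sample line shows the two false-positive cases the matcher is built to ignore: a column whose name merely starts with `groovy`, and the text `groovy(` inside a string literal.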
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: apache
- Date Reserved: 2022-02-25T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6835d30c182aa0cae216c44f
Added to database: 5/27/2025, 2:58:20 PM
Last enriched: 7/6/2025, 4:12:11 AM
Last updated: 8/1/2025, 12:35:12 AM