Apache NiFi: 2.6.0 → 2.9.0
Apache · upgrade impact · Official site ↗
Fixed by upgrading to 2.9.0 iVulnerabilities that affect 2.6.0 but no longer affect 2.9.0 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2026-39816 HIGH EPSS 1% ✓ cleared in 2.9.0 CVE-2026-25903 MEDIUM EPSS 1% ✓ cleared in 2.9.0 CVE-2025-66524 HIGH EPSS 0% ✓ cleared in 2.9.0