A vulnerability, which was classified as critical, has been found in Apache Gravitino up to 1.2.0. This impacts an unknown function of the component MCP REST Client f-string URL Handler. The manipulation leads to injection.
This vulnerability is listed as CVE-2026-41041. The attack must be carried out from within the local network. There is no available exploit.
It is advisable to upgrade the affected component.