A vulnerability, which was classified as critical, has been found in Apache Kylin up to 5.0.3. The impacted element is an unknown function of the component Catalog Cache Refresh API. This manipulation causes sql injection.

This vulnerability appears as CVE-2026-62390. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.