A vulnerability was found in Apache NiFi up to 2.7.x. It has been declared as critical. This issue affects some unknown processing of the component TinkerpopClientService. The manipulation results in permission issues. This vulnerability is cataloged as CVE-2026-39816. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.