A vulnerability has been found in Apache Storm Prometheus Reporter up to 2.8.6 and classified as critical . Impacted is an unknown function. The manipulation leads to improper certificate validation. This vulnerability is referenced as CVE-2026-40557 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.