A vulnerability was found in Apache Flink up to 1.20.3/2.0.1/2.1.1/2.2.0 . It has been declared as critical . Affected by this vulnerability is an unknown functionality of the component TaskManagers . The manipulation results in code injection. This vulnerability was named CVE-2026-35194 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.