A vulnerability was found in kestra-io kestra up to 1.0.42/1.1.18/1.2.18/1.3.18 and classified as critical . The affected element is an unknown function. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-48129 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.