A vulnerability classified as critical was found in kestra-io kestra up to 1.0.44/1.3.20 . Affected by this issue is some unknown functionality of the file /api/v1 . The manipulation results in code injection. This vulnerability is known as CVE-2026-53576 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.