This site uses cookies to enhance your experience.  By continuing to visit this website, you consent to the use of these cookies. Click here to learn more about our privacy policy.

Sanfor Technologies Blog Background Image

Apache Druid Remote Code Execution Vulnerability CVE-2021-25646




Apache Druid is a distributed data processing system that supports real-time multi-dimensional OLAP analysis. Druid provides low latency (real-time) data ingestion, and the most common scenario for Druid is the multi-dimensional and flexible OLAP analysis, due to big data background. Druid also supports pre-aggregation ingestion and aggregation analysis of data, based on time stamps, so some users use it in scenarios with time-series data processing and analysis.


On Feb 1, 2021, the Sangfor Security Team verified an Apache Druid remote code execution vulnerability CVE-2021-25646, classified as critical. The vulnerability is due to a lack of authentication in Apache Druid by default. Attackers can directly construct malicious requests to execute arbitrary code and control servers.


Apache Druid is a data store designed for high-performance OLAP queries fragment analysis on large data sets. It is also used as a data store for GUI analysis applications, or as a back-end for high-concurrency APIs that require fast aggregation. Apache Druid is often used for clickstream analysis (web and mobile analysis), network telemetry analysis (network performance monitoring), server index storage, supply chain analysis (manufacturing index), application performance measurement, digital marketing/advertising analysis, business intelligence and online analytical processing. There are more than 30,000 available hosts in the world that are potentially vulnerable to remote code execution.

Affected versions:

Apache Druid version earlier than 0.20.1


Jan 27, 2021 Apache Druid released a security bulletin.
Feb 1, 2021 Sangfor FarSight Labs detected the attack information of this vulnerability and released a vulnerability alert.


Apache has released a new version to fix this vulnerability. Please download and install it from the following link:
Cyber Security Feature Image

Cyber Security