Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis (OLAP) on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing cross-source requests with credentials to be sent from any source in Apache Kylin. No details of the vulnerability are currently available.