How to fix CVE-2025-26496?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is Memory Corruption affected by CVE-2025-26496?

CVE-2025-26496 presents critical security risk rated CVSS 9.3. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

CVE-2025-26496

CRITICAL

2025-08-22 [email protected]

9.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:08 vuln.today

CVE Published

Aug 22, 2025 - 21:15 nvd

CRITICAL 9.3

Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Analysis

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.1.3,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.1.3, before 2024.2.12, before 2023.3.19. Affected products include: Tableau Tableau Server. Version information: before 2025.1.3.

Affected Products

Tableau Tableau Server.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: 0

Vendor Status

CVE-2025-26496 vulnerability details – vuln.today

Back

CVE-2025-26496

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-26496

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code