Pentaho Data Integration EUVD-2026-32046

CVE-2026-2255 | MEDIUM | CVSS 3.1: 4.3
Insufficiently Protected Credentials (CWE-522)
2026-05-27 HITVAN GHSA-jmp2-cvfp-6gr9

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: May 27, 2026 - 21:24 (vuln.today)
Patch available: May 27, 2026 - 19:46 (EUVD)

Description (NVD)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

Analysis (AI)

Plaintext credential exposure in Hitachi Vantara Pentaho Data Integration & Analytics allows authenticated network users to retrieve Hadoop cluster credentials via the Cluster Test API response. Affected versions span the 8.3.x, 9.3.x, and 10.x lines up to 10.2.0.6, as well as all pre-11.0.0.0 builds in the 11.x line. …
