Skip to main content

Talend Administration Center

2 CVEs product

Monthly

CVE-2026-9057 HIGH This Week

Privilege escalation via broken access control in Talend Administration Center allows a low-privileged user holding only 'View' permission to modify the Talend Studio update URL, redirecting downstream Studio clients to attacker-controlled update endpoints. The flaw has a CVSS 8.2 rating reflecting changed scope and high confidentiality/integrity impact, and no public exploit identified at time of analysis. A vendor patch is available per the Qlik/Talend support advisory.

Information Disclosure Talend Administration Center
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-9056 MEDIUM This Month

Stored cross-site scripting in Qlik Talend Administration Center allows an authenticated user holding server management permissions to inject persistent malicious script payloads that execute in the browsers of other TAC users who subsequently view the affected content. The CVSS Changed scope (S:C) signals that successful exploitation crosses security boundaries beyond the application itself, enabling impact on victim browser sessions. No public exploit code identified at time of analysis, no CISA KEV listing, but Qlik has published a security fix via their official support community.

XSS Talend Administration Center
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH This Week

Privilege escalation via broken access control in Talend Administration Center allows a low-privileged user holding only 'View' permission to modify the Talend Studio update URL, redirecting downstream Studio clients to attacker-controlled update endpoints. The flaw has a CVSS 8.2 rating reflecting changed scope and high confidentiality/integrity impact, and no public exploit identified at time of analysis. A vendor patch is available per the Qlik/Talend support advisory.

Information Disclosure Talend Administration Center
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Qlik Talend Administration Center allows an authenticated user holding server management permissions to inject persistent malicious script payloads that execute in the browsers of other TAC users who subsequently view the affected content. The CVSS Changed scope (S:C) signals that successful exploitation crosses security boundaries beyond the application itself, enabling impact on victim browser sessions. No public exploit code identified at time of analysis, no CISA KEV listing, but Qlik has published a security fix via their official support community.

XSS Talend Administration Center
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy