CVE-2026-9056 | THREATINT

Description

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user.

PUBLISHED Reserved 2026-05-20 | Published 2026-05-20 | Updated 2026-05-20 | Assigner Bugcrowd

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-94: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

affected

8.0 (custom) before Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1

affected

Credits

Ahsan

References

community.qlik.com/...tration-Center-cross-site/ta-p/2548522

cve.org (CVE-2026-9056)

nvd.nist.gov (CVE-2026-9056)

Download JSON