CVE-2026-2254

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.

732

Incorrect Permission Assignment for Critical Resource

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control Integrity Other

Potential Impacts:

Read Application Data Read Files Or Directories Gain Privileges Or Assume Identity Modify Application Data Other

Applicable Platforms

Technologies: Not Technology-Specific, Cloud Computing

Likelihood of Exploit: High

View CWE Details

https://support.pentaho.com/hc/en-us/articles/4567638490906…

https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-…

CVE-2026-2254

Description

Incorrect Permission Assignment for Critical Resource

Common Consequences

Applicable Platforms

Iscriviti alla newsletter