CVE-2026-25957

Name of the Vulnerable Software and Affected Versions Cube versions 1.1.17 through 1.5.12 and 1.4.1

Description Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable. This impacts the availability of the service. The vulnerability is triggered by submitting a malicious request to an unspecified API endpoint.

Recommendations Update to Cube version 1.5.13 or 1.4.2.