PT-2026-7194 · Cube · Cube
Ovr
·
Publicado
2026-02-09
·
Atualizado
2026-02-19
·
CVE-2026-25958
CVSS v3.1
7.7
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cube versions 0.27.19 through 1.5.12
Cube version 1.0.14
Cube version 1.4.2
Description
Cube, a semantic layer for building data applications, is affected by a privilege escalation issue. A specially crafted request, using a valid API token, can lead to unauthorized access. The issue is related to how requests are processed, potentially allowing an attacker to gain higher-level permissions than intended. The vulnerable component is the API endpoint that handles requests with API tokens. The
API token is the vulnerable parameter.Recommendations
Update to Cube version 1.5.13.
Update to Cube version 1.4.2.
Update to Cube version 1.0.14.
Exploit
Correção
LPE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cube