PT-2026-7193 · Cube · Cube
Ovr
·
Published
2026-02-09
·
Updated
2026-02-10
·
CVE-2026-25957
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Cube versions 1.1.17 through 1.5.12 and 1.4.1
Description
Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable. This impacts the availability of the service. The vulnerability is triggered by submitting a malicious request to an unspecified API endpoint.
Recommendations
Update to Cube version 1.5.13 or 1.4.2.
Exploit
Fix
DoS
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cube