PT-2026-7194 · Cube · Cube
Ovr
·
Published
2026-02-09
·
Updated
2026-02-19
·
CVE-2026-25958
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cube versions 0.27.19 through 1.5.12
Cube version 1.0.14
Cube version 1.4.2
Description
Cube, a semantic layer for building data applications, is affected by a privilege escalation issue. A specially crafted request, using a valid API token, can lead to unauthorized access. The issue is related to how requests are processed, potentially allowing an attacker to gain higher-level permissions than intended. The vulnerable component is the API endpoint that handles requests with API tokens. The
API token is the vulnerable parameter.Recommendations
Update to Cube version 1.5.13.
Update to Cube version 1.4.2.
Update to Cube version 1.0.14.
Exploit
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cube