CVE-2026-9056
Stored XSS in Talend Administration Center
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Bugcrowd Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qlik | talend_administration_center | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue found in the Talend Administration Center. It allows an attacker who has permission to manage servers to store malicious scripts within the system.
These malicious scripts can then be triggered by other users when they interact with the affected system, potentially leading to unauthorized actions or data exposure.
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers with server management permissions to inject malicious scripts that execute in the context of other users.
This can lead to unauthorized access to sensitive information, manipulation of user sessions, or other malicious activities that compromise the integrity and confidentiality of the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the stored cross-site scripting vulnerability in the Qlik Talend Administration Center, users should upgrade to the latest version of the software.
Specifically, installing the cumulative patch QTAC-1883, released on January 23, 2026, addresses this vulnerability.
No further updates are required beyond installing this patch.