CVE-2026-9057
Broken Access Control in Talend Administration Center
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Bugcrowd Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qlik | talend_administration_center | to 8.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a broken access control issue in the Qlik Talend Administration Center. It allows a user who only has "View" permission to modify the Talend Studio update URL, which they normally should not be able to change.
By changing this update URL, an attacker could potentially cause the Talend Studio to download malicious software.
This issue has been fixed in a patch released on November 21, 2025, and users are advised to upgrade to the latest version to mitigate the risk.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with limited permissions to modify the update URL for Talend Studio, potentially causing the system to download and execute malicious software.
This could lead to compromise of the Talend Studio environment, including unauthorized code execution or data manipulation.
Because the vulnerability has a high severity rating (CVSS 3.1 score of 8.2), it represents a significant security risk if not patched.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Qlik Talend Administration Center to the latest patched version released on November 21, 2025.
- Ensure your version is at least Patch_20251121_QTAC-1471_R2025-11_v1-8.0.1 or later.
- Apply the official patch provided by Qlik to fix the broken access control issue.
Upgrading will prevent users with only 'View' permission from modifying the Talend Studio update URL and reduce the risk of malicious software downloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows a user with View permission to modify the Talend Studio update URL, potentially enabling the download of malicious software. This could lead to unauthorized modification or compromise of software components, which may impact the confidentiality and integrity of data processed by the system.
Such a security flaw could affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity to prevent unauthorized access or data breaches.
Applying the available patch is critical to mitigate this risk and maintain compliance with these regulations.