CVE-2026-9057
Deferred Deferred - Pending Action
Broken Access Control in Talend Administration Center

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: Bugcrowd Inc.

Description
A broken access control issue has been identified in the Talend Administration Center, that allows a user with β€œView” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-09
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-9057
EUVD
EUVD-2026-31061
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qlik talend_administration_center to 8.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a broken access control issue in the Qlik Talend Administration Center. It allows a user who only has "View" permission to modify the Talend Studio update URL, which they normally should not be able to change.

By changing this update URL, an attacker could potentially cause the Talend Studio to download malicious software.

This issue has been fixed in a patch released on November 21, 2025, and users are advised to upgrade to the latest version to mitigate the risk.

Impact Analysis

If exploited, this vulnerability could allow an attacker with limited permissions to modify the update URL for Talend Studio, potentially causing the system to download and execute malicious software.

This could lead to compromise of the Talend Studio environment, including unauthorized code execution or data manipulation.

Because the vulnerability has a high severity rating (CVSS 3.1 score of 8.2), it represents a significant security risk if not patched.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Qlik Talend Administration Center to the latest patched version released on November 21, 2025.

  • Ensure your version is at least Patch_20251121_QTAC-1471_R2025-11_v1-8.0.1 or later.
  • Apply the official patch provided by Qlik to fix the broken access control issue.

Upgrading will prevent users with only 'View' permission from modifying the Talend Studio update URL and reduce the risk of malicious software downloads.

Compliance Impact

The vulnerability allows a user with View permission to modify the Talend Studio update URL, potentially enabling the download of malicious software. This could lead to unauthorized modification or compromise of software components, which may impact the confidentiality and integrity of data processed by the system.

Such a security flaw could affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity to prevent unauthorized access or data breaches.

Applying the available patch is critical to mitigate this risk and maintain compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9057. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart