CVE-2026-8590
Received
Received - Intake
Authentication Bypass in TIBCO Spotfire Server
Vulnerability report for CVE-2026-8590, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: 8b479ca1-d558-42a2-87eb-a4751ba58a09
Description
Description
Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Server modules).
This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire Enterprise with External Consumers: through 14.0.12, through 14.5.0, through 14.6.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire on Kubernetes: through 4.2.0, 5.0.X, 6.0.X.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| spotfire | spotfire_enterprise | to 14.8.0 (exc) |
| spotfire | spotfire_enterprise_with_external_consumers | to 14.8.0 (exc) |
| spotfire | spotfire_on_kubernetes | to 4.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |