CVE-2025-26496

Critical CVSS: 9.3

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Vendor

Tableau

Product

Tableau Server

CWE

CWE-843

Yayın Tarihi

2025-08-22 21:15:31

Güncelleme

2025-11-04 15:48:41

Source Identifier

security@salesforce.com

KEV Date Added

Kategoriler

CWE-843 Tableau Server CRITICAL Tableau 2025

Referanslar

https://help.salesforce.com/s/articleView?id=005132575&type=1 https://www.cve.org/CVERecord?id=CVE-2022-1364

Benzer Kayıtlar

Medium

CVE-2025-52450

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Serve…

High

CVE-2025-52451

Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-…

High

CVE-2025-26497

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Edito…

High

CVE-2025-26498

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-…

High

CVE-2025-52453

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source module…

High

CVE-2025-52454

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector mod…