CVE-2026-9057 PUBLISHED

Security fix for Qlik Talend Administration Center URL access control vulnerability

Assigner: Bugcrowd
Reserved: 20.05.2026 Published: 20.05.2026 Updated: 20.05.2026

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 8.2

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Talend
Product	Talend Administration Center
Versions	Default: affected affected from 8.0 to Patch_20251121_QTAC-1471_R2025-11_v1-8.0.1 (excl.)

Credits

Kaushik Roy

References

https://community.qlik.com/t5/Official-Support-Articles/Security-fix-for-Qlik-Talend-Administration-Center-URL-access/ta-p/2548524

Problem Types

CWE-284: Improper Access Control