CVE Catalog

CVE-2026-2254

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, do not apply ACLs on certain API endpoints related to platform mail notifications.

Risk Assessment

The lack of proper security on these endpoints may lead to unauthorized access to sensitive information related to email notifications, posing a risk to the organization's data security.

Recommendation

It is recommended to upgrade to the latest version of the software to apply appropriate access control lists on all API endpoints.

Original NVD description (English source)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS