CVE-2025-26496
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Salesforce | Tableau Server, Tableau Desktop | 0 < 2025.1.3 | affected |
| Salesforce | Tableau Server, Tableau Desktop | 0 < 2024.2.12 | affected |
| Salesforce | Tableau Server, Tableau Desktop | 0 < 2023.3.19 | affected |
Weaknesses
- CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://help.salesforce.com/s/articleView?id=005132575&type=1
- https://www.cve.org/CVERecord?id=CVE-2022-1364
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.