CVE-2026-2254

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Data Integration and Analytics1.0 < 10.2.0.6affected
Hitachi VantaraPentaho Data Integration and Analytics10.0 < 11.0.0.0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References