CVE-2026-9056

Summary

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user.

Affected Software

VendorProductVersion RangeStatus
TalendTalend Administration Center8.0 < Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1affected

Weaknesses

  • CWE-94: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References