CVE-2026-11618

EUVD-2026-35291

09.06.2026, 03:16

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulDB	CNA	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
dtstack	taier	1.0	CNA
dtstack	taier	1.1	CNA
dtstack	taier	1.2	CNA
dtstack	taier	1.3	CNA
dtstack	taier	1.4.0	CNA

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://github.com/DTStack/Taier/

https://github.com/DTStack/Taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2

https://github.com/DTStack/Taier/issues/1194

https://vuldb.com/cve/CVE-2026-11618

https://vuldb.com/submit/834008

https://vuldb.com/vuln/369299

https://vuldb.com/vuln/369299/cti

https://github.com/DTStack/Taier/issues/1194