CVE-2026-2254
EUVD-2026-3204527.05.2026, 04:16
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_data_integration_and_analytics | 𝑥 < 10.2.0.7 |
| hitachi | vantara_pentaho_data_integration_and_analytics | 10.2.0.8 < 𝑥 < 11.0.0.0 |
| hitachi | vantara_pentaho_data_integration_and_analytics | 8.3 |
| hitachi | vantara_pentaho_data_integration_and_analytics | 9.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration