CNNVD-202602-1402 Information
Feb 09, 2026
cve
CNNVD ID
CNNVD-202602-1402
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
Cube是Cube开源的一个构建数据应用程序的语义层。 Cube 0.27.19版本至1.5.13之前版本、1.4.2之前版本和1.0.14之前版本存在安全漏洞,该漏洞源于使用有效的API令牌提交特制请求可能导致权限提升。
Description (English)
Cube is a semantic layer of a construction data application from the Cube Open Source. There is a security loophole between Cube 0.27.19 and 1.5.13, before 1.4.2 and before 1.0.14, which stems from the possibility that the use of valid API tokens to submit special requests may lead to an increase in authority.
Vulnerability Type
其他
Affected Vendor
Cube
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/cube-js/cube/security/advisories/GHSA-v226-32c7-x2v7
Patch
https://github.com/cube-js/cube/releases
Share on: