CNNVD-202602-1403 Information

CNNVD ID

CNNVD-202602-1403

Related CVE

CVE-2026-25957

• CNNVD Published: 2026-02-09

Description (Chinese)

Cube是Cube开源的一个构建数据应用程序的语义层。 Cube 1.1.17版本至1.5.13之前版本和1.4.2版本存在安全漏洞，该漏洞源于向API端点提交特制请求可能导致整个API服务不可用。

Description (English)

Cube is a semantic layer of a construction data application from the Cube Open Source. There is a security gap between Cube 1.1.17 and pre-A1.5.13 and 1.4.2, which stems from the fact that a specific request to the API endpoint may result in the entire API service not being available.

Vulnerability Type

其他

Affected Vendor

Cube

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/cube-js/cube/security/advisories/GHSA-9vph-2hvm-x66g https://access.redhat.com/security/cve/cve-2026-25957

Patch

https://github.com/cube-js/cube/releases