2 matches found
CVE-2026-25958
Cube (semantic layer) versions 0.27.19 up to before 1.5.13, 1.4.2, and 1.0.14 are vulnerable to privilege escalation via a specially crafted request with a valid API token. The issue is fixed in 1.5.13, 1.4.2, and 1.0.14. CVSS v3.1 base score 7.7 (HIGH) with attack vector Network, attack complexi...
CVE-2026-25957
CVE-2026-25957 affects Cube versions from 1.1.17 up to (but not including) 1.5.13 and 1.4.2, where a specially crafted request can make the entire Cube API unavailable. The issue is fixed in 1.5.13 and 1.4.2. Impact is availability disruption; no confidentiality or integrity impact is indicated. ...