CVE-2026-2255

216.73.216.36

· Published 27/05/2026 04:16 · Modified 27/05/2026 19:55

Labels: CVE-2026-2255 2026-05-27 CVE-2026-2255 CWE-522 [email protected]

Essential information

Published: 27/05/2026 04:16
Modified: 27/05/2026 19:55
Author: —
Creator: —
CVSS: 4.3 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
hitachi vantara / pentaho data integration	`cpe:2.3:a:hitachi_vantara:pentaho_data_integration::<10.2.0.6::::::*`
hitachi vantara / pentaho data integration	`cpe:2.3:a:hitachi_vantara:pentaho_data_integration:9.3.::::::*`
hitachi vantara / pentaho data integration	`cpe:2.3:a:hitachi_vantara:pentaho_data_integration:8.3.::::::*`
hitachi vantara / pentaho data analytics	`cpe:2.3:a:hitachi_vantara:pentaho_data_analytics::<10.2.0.6::::::*`
hitachi vantara / pentaho data analytics	`cpe:2.3:a:hitachi_vantara:pentaho_data_analytics:9.3.::::::*`
hitachi vantara / pentaho data analytics	`cpe:2.3:a:hitachi_vantara:pentaho_data_analytics:8.3.::::::*`