CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Cube: >> Cube.js >> 0.34.41 Security Vulnerabilities

CVE-2026-25958

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

CVSS Score

7.7

EPSS Score

0.0

Published

2026-02-09

Page 1

Vulnerabilities

Vulnerable Software

Cube: >> Cube.js >> 0.34.41 Security Vulnerabilities

Products

Pricing

Contact Us