Hitachi Vantara Pentaho Data Integration & Analytics

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.

Basic Information

ID CVE-2026-2254

Source HITVAN

Published May 27, 2026 at 02:46

Affected Product

Vendor Hitachi Vantara

Product Pentaho Data Integration and Analytics

Version 1.0

Affected Versions Hitachi Vantara Pentaho Data Integration and Analytics 1.0
Hitachi Vantara Pentaho Data Integration and Analytics 10.0

CWE Classification

CWE-732

References

support.pentaho.com /hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254

{
    "lastseen": "",
    "description": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.",
    "published": "2026-05-27T02:46:36.132Z",
    "modified": "2026-05-27T02:46:36.132Z",
    "type": "cve",
    "title": "Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical  Resource",
    "source": "HITVAN",
    "references": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686",
    "id": "CVE-2026-2254",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Hitachi Vantara Pentaho Data Integration and Analytics 1.0\nHitachi Vantara Pentaho Data Integration and Analytics 10.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pentaho Data Integration and Analytics",
    "version": "1.0",
    "vendor": "Hitachi Vantara",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hitachi Vantara Pentaho Data Integration & Analytics – Incorrect Permission Assignment for Critical Resource_CVE-2026-2254