CVE-2026-25957

Published February 9th, 2026

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

cube-js/cube

📊 Cube Core is open-source semantic layer for AI, BI and embedded analytics

GitHub

20.1K