CVE-2026-25958

Published February 9th, 2026

View on NVD ↗

CVSS v3

7.7

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

cube-js/cube

📊 Cube Core is open-source semantic layer for AI, BI and embedded analytics

GitHub

20.1K