CVE-2025-26498

Published: Aug 22, 2025Modified: Nov 3, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Affected (3)

Products: Tableau: Tableau Server

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Tableau Tableau Server	Before 2023.3.19
Tableau Tableau Server	From 2024.2 to 2024.2.12
Tableau Tableau Server	From 2025.1 to 2025.1.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://help.salesforce.com/s/articleView?id=005132575&type=1

Source: security@salesforce.com

Vendor Advisory

Timeline

No history available yet.