Insufficiently Protected Credentials in Hitachi Vantara Pentaho Data Integration & Analytics
CVE-2026-2255

4.3 MEDIUM

Key Information:

Vendor: Hitachi

CVE Published: 27 May 2026

What is CVE-2026-2255?

Hitachi Vantara Pentaho Data Integration and Analytics versions prior to 10.2.0.6 and 11.0.0.0 contain a security flaw that exposes Hadoop cluster credentials in plaintext via the Cluster Test API. The credentials are not intended to be visible to users, and the risk is amplified because an attacker with access to the backend API can use them to submit jobs, compromising the security of the entire system. This vulnerability calls for immediate action to mitigate potential exploitation.

Affected Version(s)

Pentaho Data Integration and Analytics 1.0 < 10.2.0.6

Pentaho Data Integration and Analytics 10.0 < 11.0.0

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hitachi Group Member