Remote Code Execution Vulnerability in Talend JobServer by Talend
CVE-2026-6264

9.8CRITICAL

Key Information:

Vendor: Talend
Status: Talend Jobserver; Talend Runtime
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-6264?

A significant vulnerability in Talend JobServer and Talend Runtime permits unauthenticated remote code execution via the JMX monitoring port. This security flaw can be exploited by attackers to gain unauthorized access and execute arbitrary code on the affected systems. To mitigate this vulnerability effectively, it is recommended to enable TLS client authentication for the JobServer's monitoring port. For Talend ESB Runtime users, disabling the JobServer JMX monitoring port, which is turned off by default from the R2024-07-RT patch, is advised to enhance security.

Affected Version(s)

Talend JobServer 8.0

Talend JobServer 7.3

Talend Runtime 8.0 < 8.0.1.R2026-01-RT

References

https://community.qlik.com/t5/Official-Support-Articles/C...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Apr 14, 2026

Credit

Harpreet Singh (@TheCyb3rAlphaProfession), Security Researcher

CVE-2026-6264 Data

JSON