Spotfire Enterprise Vulnerability in Server Modules by TIBCO Software
CVE-2026-8590

8.7HIGH

What is CVE-2026-8590?

A significant access control vulnerability has been identified in various Spotfire products, including Spotfire Enterprise and Spotfire on Kubernetes. The flaw exists within Spotfire Server modules, which could potentially enable unauthorized access to sensitive data for affected versions. Users and organizations utilizing Spotfire versions ranging from 14.0.12 to 14.8.0 for the enterprise and certain versions of Spotfire on Kubernetes should review their systems and implement necessary security measures to mitigate risks.

Affected Version(s)

Spotfire Enterprise 0 <= 14.0.12

Spotfire Enterprise 0 <= 14.0.12

Spotfire Enterprise 0 <= 14.4.2

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.