Back to overview

CVE-2026-8590

HIGH
8.7
CVSS 4.0
Description
Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Server modules). This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire Enterprise with External Consumers: through 14.0.12, through 14.5.0, through 14.6.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire on Kubernetes: through 4.2.0, 5.0.X, 6.0.X.

Metadata

CVE ID
CVE-2026-8590
State
PUBLISHED
Assigner
Spotfire
Reserved
2026-05-14 08:09 UTC
Published
2026-07-14 13:49 UTC
Last updated
2026-07-14 15:02 UTC
Vendor / Product
Spotfire / Spotfire Enterprise
Sources
cve.org  ·  NVD

Severity & Metrics

8.7 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (3)
VendorProductPlatformVersions
Spotfire Spotfire Enterprise 0 ≤ 14.0.12, 0 ≤ 14.4.2, 0 ≤ 14.5.0, 0 ≤ 14.6.1 …
Spotfire Spotfire Enterprise with External Consumers 0 ≤ 14.0.12, 0 ≤ 14.5.0, 0 ≤ 14.6.0, 0 ≤ 14.6.1 …
Spotfire Spotfire on Kubernetes 0 ≤ 4.2.0, 5.0.x, 6.0.x
Weakness (CWE)
CWESourceDescription
adp CWE-noinfo Not enough information
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Back to overview