AI description
CVE-2025-26496 is a type confusion vulnerability found in the file upload modules of Salesforce Tableau Server and Tableau Desktop on Windows and Linux. The vulnerability occurs when a resource is allocated or initialized as one type but later accessed as another, leading to logical errors. This type confusion can be exploited by attackers with file upload access to craft malicious files. By uploading these files, attackers can trigger type mismatches, potentially leading to the execution of arbitrary code within the Tableau application context. The vulnerability affects Tableau Server and Tableau Desktop versions before 2025.1.3, 2024.2.12, and 2023.3.19.
- Description: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.
- Source: security@salesforce.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.3
- Impact score: 6
- Exploitability score: 2.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security@salesforce.com: CWE-843
- Hype score: Not currently trending
🚨CVE-2025-26496: Salesforce Tableau Server and Desktop Type Confusion Vulnerability Allows Local Code Inclusion via File Upload CVSS: 9.6 ZoomEye Dork: app="Tableau Server" ZoomEye Link: https://t.co/WuP8UNpJBo Results: 169,926 GitHub Advisory: https://t.co/ZKjumztBkb htt
@DarkWebInformer, 27 Aug 2025 (3771 impressions, 3 retweets, 29 likes, 13 bookmarks, 1 reply, 0 quotes)
Multiple serious vulnerabilities in Tableau Server/Desktop - CVE-2025-26496 and others patched #セキュリティ対策Lab #セキュリティ #Security https://t.co/LPNx0DZgm9
@securityLab_jp, 27 Aug 2025 (20 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
Warning: #Saleforce patched multiple vulnerabilities in #Tableau Server & Desktop. The most severe vulnerability is CVE-2025-26496 with a CVSS score of 9.6. More information in the Salesforce advisory: https://t.co/B1cu2bzMbg. #Patch #Patch #Patch
@CCBalert, 25 Aug 2025 (83 impressions, 0 retweets, 0 likes, 0 bookmarks, 1 reply, 0 quotes)
🚨🚨Critical Salesforce Tableau Server Flaw CVE-2025-26496 (CVSS 9.6) exposes systems to Local Code Inclusion. Type confusion in File Upload modules (Windows/Linux, Server & Desktop) lets attackers upload malicious files and execute arbitrary code. Search by vul.cve http
@zoomeye_team, 25 Aug 2025 (6145 impressions, 18 retweets, 59 likes, 21 bookmarks, 1 reply, 0 quotes)
CVE-2025-26496 and other: Multiple vulns in Tableau Server, 7.7 - 9.6 rating 🔥 Five new vulns in Tableau Server include Type Confusion, Path Traversal, Dangerous File Uploads and Improper Input Validation. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/3484NJLYau
@Netlas_io, 25 Aug 2025 (593 impressions, 0 retweets, 5 likes, 3 bookmarks, 0 replies, 0 quotes)
🚨 CRITICAL: CVE-2025-26496 impacts Tableau Server & Desktop (Windows/Linux) — type confusion in file uploads enables Local Code Inclusion. Patch ASAP to secure business data! https://t.co/Wa9dwYRL6i #OffSeq #T... https://t.co/UQlEcTOVVQ
@offseq, 23 Aug 2025 (40 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-26496 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allo… https://t.co/1PT1QyVcix
@CVEnew, 22 Aug 2025 (389 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)