KNIME — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting KNIME. AI-powered Chinese analysis, POCs, and references for each vulnerability.

KNIME serves as an open-source analytics platform for data integration and machine learning workflows. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the platform's 13 recorded CVEs highlight potential risks in its extensibility plugins and web interface. Security researchers have identified issues related to authentication bypass and information disclosure, particularly in older versions. Regular updates and secure deployment practices remain critical for maintaining security in KNIME environments, especially when exposing its web interface to untrusted networks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4649 | Auth bypass in Apache Artemis allows reading all internal messages | KNIME Business Hub | CWE-306 | 6.5 | - | 2026-03-24 |
| CVE-2025-14262 | Jobs can be saved as workflows with wrong permissions on KNIME Business Hub | KNIME Business Hub | CWE-708 | 6.5 (AI) | Medium (AI) | 2025-12-08 |
| CVE-2025-11240 | Open redirect vulnerability in KNIME Business Hub | KNIME Business Hub | CWE-601 | 6.1 | - | 2025-10-02 |
| CVE-2025-11239 | Job details are visible to all team members on KNIME Business Hub | KNIME Business Hub | CWE-863 | 4.3 | - | 2025-10-02 |
| CVE-2025-3019 | Cross-site scripting vulnerabilities in KNIME Business Hub web pages | KNIME Business Hub | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-2402 | Hard-coded password for object store of KNIME Business Hub | KNIME Business Hub | CWE-259 | 9.8 | - | 2025-03-31 |
| CVE-2025-2787 | Ingress-nginx vulnerability in KNIME Business Hub | KNIME Business Hub | | 9.9 (AI) | Critical (AI) | 2025-03-26 |
| CVE-2024-6598 | Denial-of-service on KNIME Business Hub when certain jobs are executed | KNIME Business Hub | CWE-770 | 4.9 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2023-5562 | Unsafe default allows for cross-site scripting attacks in KNIME Server and KNIME Business Hub | KNIME Analytics Platform | CWE-79 | 6.1 | Medium | 2023-10-12 |
| CVE-2023-3140 | KNIME Hub Web Application is vulnerable to clickjacking | KNIME Business Hub | CWE-1021 | 4.3 | Medium | 2023-06-07 |
| CVE-2023-2541 | Sensitive information disclosure in KNIME Hub Web Application | KNIME Business Hub | CWE-497 | 5.3 | Medium | 2023-06-07 |
| CVE-2022-44749 | Opening workflows from untrusted resources may override arbitrary file system contents | KNIME Analytics Platform | CWE-22 | 5.5 | Medium | 2022-11-24 |
| CVE-2022-44748 | Uploading workflows to KNIME Server may override arbitrary file system contents | KNIME Server | CWE-22 | 7.1 | High | 2022-11-24 |

This page lists every published CVE security advisory associated with KNIME. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.