Browse all 13 CVE security advisories affecting KNIME. AI-powered Chinese analysis, POCs, and references for each vulnerability.
KNIME serves as an open-source analytics platform for data integration and machine learning workflows. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the platform's 13 recorded CVEs highlight potential risks in its extensibility plugins and web interface. Security researchers have identified issues related to authentication bypass and information disclosure, particularly in older versions. Regular updates and secure deployment practices remain critical for maintaining security in KNIME environments, especially when exposing its web interface to untrusted networks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-5562 | Unsafe default allows for cross-site scripting attacks in KNIME Server and KNIME Business Hub — KNIME Analytics PlatformCWE-79 | 6.1 | Medium | 2023-10-12 |
| CVE-2022-44749 | Opening workflows from untrusted resources may override arbitrary file system contents — KNIME Analytics PlatformCWE-22 | 5.5 | Medium | 2022-11-24 |
This page lists every published CVE security advisory associated with KNIME. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.