Palantir — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Palantir. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palantir Technologies primarily develops software platforms for data integration, analysis, and decision-making, serving government agencies and large enterprises. With forty-seven recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has frequently involved remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex web interfaces and backend data processing components, allowing attackers to potentially bypass authentication or execute arbitrary commands. Notable security characteristics include the inherent risks associated with handling sensitive, classified, or proprietary data, which makes successful exploitation particularly damaging. While specific major public breaches are less documented compared to consumer tech firms, the high-value nature of its client base necessitates rigorous security postures. The recurring nature of these CVEs highlights the challenges of securing large-scale, integrated data ecosystems against sophisticated threat actors seeking access to critical information infrastructure.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68609 | Authentication bypass in Aries due to misconfiguration | com.palantir.aries:aries | CWE-305 | 6.6 | Medium | 2026-01-22 |
| CVE-2025-62487 | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. | com.palantir.acme:gotham-default-apps-bundle | CWE-863 | 3.5 | Low | 2026-01-09 |
| CVE-2023-30971 | Gaia unauthenticated endpoints | com.palantir.acme.gaia:gaia | CWE-592 | 6.8 | Medium | 2025-12-19 |
| CVE-2024-49587 | Glutton V1 endpoints missing authentication | com.palantir.gotham:glutton | CWE-305 | 9.1 | Critical | 2025-12-19 |
| CVE-2025-53710 | Network boundaries not respected in certain Foundry namespaces. | com.palantir.compute:compute-service | CWE-653 | 7.5 | High | 2025-12-18 |
| CVE-2025-64400 | Insufficient permission checks when pre-enrolling users Summary | com.palantir.controlpanel:control-panel | CWE-284 | 4.1 | Medium | 2025-12-18 |
| CVE-2025-53709 | Access control issues impacting secure-upload service | com.palantir.secupload:secure-upload | CWE-285 | 5.4 | Medium | 2025-07-10 |
| CVE-2024-49589 | Foundry artifacts denial of service | com.palantir.artifacts:artifacts | CWE-770 | 6.5 | Medium | 2025-02-18 |
| CVE-2024-49581 | Access control issue impacting RV backed objects | com.palantir.gotham:external-artifacts | CWE-862 | 6.5 | Medium | 2024-12-02 |
| CVE-2024-49588 | Multiple authenticated SQL injections in oracle-sidecar | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | CWE-89 | 6.8 | Medium | 2024-11-21 |
| CVE-2023-30968 | Stored XSS in gaia | com.palantir.acme.gaia:gaia | CWE-434 | 6.8 | Medium | 2024-03-12 |
| CVE-2023-22836 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants. | com.palantir.skywise:guardian | CWE-862 | 3.5 | Low | 2024-01-29 |
| CVE-2023-30970 | Gotham table and Forward App Path traversal | com.palantir.gotham:blackbird-witchcraft | CWE-36 | 6.5 | Medium | 2024-01-29 |
| CVE-2023-30954 | Gotham Video Broken Authentication | com.palantir.video:video-application-server | CWE-285 | 2.7 | Low | 2023-11-15 |
| CVE-2023-30967 | Gotham Orbital Simulator path traversal | com.palantir.meta:orbital-simulator | CWE-22 | 9.8 | Critical | 2023-10-25 |
| CVE-2023-30969 | Palantir Tiles missing authentication on API endpoints | com.palantir.tiles:tiles | CWE-284 | 8.2 | High | 2023-10-25 |
| CVE-2023-30961 | Palantir Gotham UI bug that could lead to incorrect data classification | com.palantir.acme:gotham-fe-bundle | CWE-710 | 6.5 | Medium | 2023-09-26 |
| CVE-2023-30959 | Stored XSS via javascript URI in Apollo Change Requests comment | com.palantir.apollo:autopilot | CWE-84 | 4.1 | Medium | 2023-09-26 |
| CVE-2023-30962 | Stored XSS in cerberus attachments | com.palantir.acme.cerberus:cerberus | CWE-434 | 6.8 | Medium | 2023-09-12 |
| CVE-2023-30952 | Foundry Issues reporterPath phishing by parameter injection | com.palantir.foundry:foundry-frontend | CWE-20 | 5.0 | Medium | 2023-08-03 |
| CVE-2023-30950 | CVE-2023-30950 | com.palantir.campaigns:campaigns | CWE-290 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-30958 | DOM XSS in Developer mode dashboard via redirect GET parameter | com.palantir.foundry:foundry-frontend | CWE-83 | 4.7 | Medium | 2023-08-03 |
| CVE-2023-30951 | CVE-2023-30951 | com.palantir.magritte:magritte-rest-source-bundle | CWE-611 | 6.3 | Medium | 2023-08-03 |
| CVE-2023-30949 | CVE-2023-30949 | com.palantir.slate:slate | CWE-1173 | 4.3 | Medium | 2023-07-26 |
| CVE-2023-30956 | IDOR in Foundry Comments allows retrieval of attachments | com.palantir.comments:comments | CWE-639 | 5.3 | Medium | 2023-07-10 |
| CVE-2023-30960 | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | com.palantir.foundry.jobtracker:job-tracker | CWE-639 | 4.3 | Medium | 2023-07-10 |
| CVE-2023-30963 | Stored XSS in Foundry Slate Query Dropdown menu | com.palantir.foundry:foundry-frontend | CWE-82 | 5.4 | Medium | 2023-07-10 |
| CVE-2023-22835 | Denial of Service in Foundry Issues | com.palantir.foundry:foundry-frontend | CWE-20 | 7.7 | High | 2023-07-10 |
| CVE-2023-30946 | Issues notification metadata lacks authorization | com.palantir.issues:issues | CWE-420 | 3.5 | Low | 2023-06-29 |
| CVE-2023-30955 | Foundry workspace-server Developer Mode Authorization Bypass | com.palantir.workspace:workspace | CWE-602 | 4.3 | Medium | 2023-06-29 |

This page lists every published CVE security advisory associated with Palantir. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.