Browse all 4 CVE security advisories affecting cube-js. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cube-js is an open-source analytics platform for building business intelligence applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The platform's security posture has been challenged by improper input validation and insufficient access controls in its query engine and API endpoints. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its core functionality suggests that organizations should implement strict input sanitization, principle of least privilege access, and regular security assessments when deploying this analytics solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25958 | Cube privilege escalation via a specially crafted request — cubeCWE-807 | 7.7 | High | 2026-02-09 |
| CVE-2026-25957 | Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request — cubeCWE-755 | 6.5 | Medium | 2026-02-09 |
| CVE-2023-50709 | Denial of service attack on the cube-api endpoint — cubeCWE-20 | 6.5 | Medium | 2023-12-13 |
| CVE-2022-23510 | SQl injection in cube-js — cube.jsCWE-89 | 9.6 | Critical | 2022-12-09 |
This page lists every published CVE security advisory associated with cube-js. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.