{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-9056","assignerOrgId":"4ac701fe-44e9-4bcd-9585-dd6449257611","state":"PUBLISHED","assignerShortName":"Bugcrowd","dateReserved":"2026-05-20T04:33:36.038Z","datePublished":"2026-05-20T04:35:39.031Z","dateUpdated":"2026-05-20T13:08:33.447Z"},"containers":{"cna":{"providerMetadata":{"orgId":"4ac701fe-44e9-4bcd-9585-dd6449257611","shortName":"Bugcrowd","dateUpdated":"2026-05-20T04:35:39.031Z"},"title":"Security fix for Qlik Talend Administration Center cross-site scripting vulnerability","problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-94: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"affected":[{"vendor":"Talend","product":"Talend Administration Center","versions":[{"version":"8.0","status":"affected","lessThan":"Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1","versionType":"custom"}],"defaultStatus":"affected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:talend:administration_center:*:*:*:*:*:*:*:*","versionEndExcluding":"Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1"}]}]}],"descriptions":[{"lang":"en","value":"A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM"}}],"credits":[{"lang":"en","value":"Ahsan"}],"references":[{"url":"https://community.qlik.com/t5/Official-Support-Articles/Security-fix-for-Qlik-Talend-Administration-Center-cross-site/ta-p/2548522"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-20T13:08:26.585632Z","id":"CVE-2026-9056","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-20T13:08:33.447Z"}}]}}