CVE-2025-26496

CVE-2025-26496

Vendor Salesforce
Product Tableau Server, Tableau Desktop
Weakness CWE-843
Published August 22, 2025
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Key dates

02Disclosure timeline

August 22, 2025 CVE published
February 26, 2026 Record updated