CVE-2026-11618 MEDIUM

CVE-2026-11618: DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication

Vendor Dtstack

Product Taier

Weakness CWE-287 · Improper authentication

Published June 9, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.

Key dates

Disclosure timeline

June 9, 2026 CVE published

June 9, 2026 Record updated

Identifiers

CVE CVE-2026-11618

CWE CWE-287

CVSS 6.9 / MEDIUM

Affected versions

Vendor Dtstack

Product Taier

Affected 1.0

Vendor Dtstack

Product Taier

Affected 1.1

Vendor Dtstack

Product Taier

Affected 1.2

Vendor Dtstack

Product Taier

Affected 1.3

Vendor Dtstack

Product Taier

Affected 1.4.0