Tableau Tableau_server
22 CVEs affecting Tableau Tableau_server. Latest disclosed: 2025-08-22. Critical: 3, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-22128 | Critical | 9.8 | 2022-10-17 | Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code e… |
CVE-2020-6939 | Critical | 9.8 | 2020-11-23 | Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a mali… |
CVE-2025-26496 | Critical | 9.3 | 2025-08-22 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload module… |
CVE-2025-52451 | High | 8.5 | 2025-08-22 | Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolu… |
CVE-2025-52452 | High | 8.5 | 2025-07-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - dupli… |
CVE-2025-52449 | High | 8.5 | 2025-07-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alter… |
CVE-2025-52454 | High | 8.2 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing… |
CVE-2025-52453 | High | 8.2 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. T… |
CVE-2025-52448 | High | 8.1 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interfa… |
CVE-2025-52447 | High | 8.1 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows I… |
CVE-2019-15637 | High | 8.1 | 2019-08-26 | Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects T… |
CVE-2025-52446 | High | 8.0 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulati… |
CVE-2025-26494 | High | 7.7 | 2025-02-11 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 throu… |
CVE-2025-26495 | High | 7.5 | 2025-02-11 | Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This… |
CVE-2020-6938 | High | 7.5 | 2020-07-08 | A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive… |
CVE-2025-26498 | High | 7.3 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Abso… |
CVE-2025-26497 | High | 7.3 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Travers… |
CVE-2022-22127 | High | 7.2 | 2022-05-25 | Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing… |
CVE-2025-52450 | Medium | 6.5 | 2025-08-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create… |
CVE-2021-1629 | Medium | 6.1 | 2021-03-26 | Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. |