A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
{
"cwe_ids": [
"CWE-287"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11618.json",
"cna_assigner": "VulDB"
}{
"extracted_events": [
{
"introduced": "1.0"
},
{
"last_affected": "1.0"
},
{
"introduced": "1.1"
},
{
"last_affected": "1.1"
},
{
"introduced": "1.2"
},
{
"last_affected": "1.2"
},
{
"introduced": "1.3"
},
{
"last_affected": "1.3"
},
{
"introduced": "1.4.0"
},
{
"last_affected": "1.4.0"
}
],
"source": [
"AFFECTED_FIELD",
"REFERENCES"
]
}[
{
"source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "216610787656649735812575564206235447009",
"length": 376.0
},
"deprecated": false,
"id": "CVE-2026-11618-317e8c85",
"target": {
"function": "getSimpleConn",
"file": "taier-datasource/taier-datasource-plugin/taier-datasource-plugin-rdbms/src/main/java/com/dtstack/taier/datasource/plugin/rdbms/ConnFactory.java"
}
},
{
"source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"217565659534013163217235488359484574131",
"90032227541249874097250448197608457120",
"17742751689581196111368652307854137935",
"238457280924960987720760515271952143932",
"130579470980953382229518113004894127510",
"270782715566663161620672006287738864905",
"80221542755089269778823011513406345502",
"90687015600841101831193665774206598398",
"28955645325778020909425284505163252397",
"9760882937398396980623562879401006423",
"318348403742739236057484891119753776104",
"176862060528442465952904442529225790614",
"38833321757082946909569389623416896276",
"19971102003506413708532086725979924009",
"19020627344290470194628212585798916269",
"102715412356406950219770955940244365114"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-11618-37e954bb",
"target": {
"file": "taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java"
}
},
{
"source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22349399747430248950563837306355553654",
"length": 475.0
},
"deprecated": false,
"id": "CVE-2026-11618-c811e3af",
"target": {
"function": "preHandle",
"file": "taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java"
}
},
{
"source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"119492301685871779104214419493479752856",
"143986548700767443570233900792655139999",
"284304028836780952082757080794125861375",
"302845874456682744142430469973298810000",
"44413585847997792731187077695239914545",
"27913617335245171255065641103686248824",
"285043010696114828561846531448801255706",
"222343246516797814007113144816611201755",
"282163499599853895682992609186266274560",
"303768928733323281722301500867259935647",
"104679766822746298263827271360814301947",
"108480695054674874360506787092701117619",
"250977657052545850207435213878369014055"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-11618-cd69103f",
"target": {
"file": "taier-datasource/taier-datasource-plugin/taier-datasource-plugin-rdbms/src/main/java/com/dtstack/taier/datasource/plugin/rdbms/ConnFactory.java"
}
}
]
"2026-07-15T17:53:47Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11618.json"