CVE-2026-11618

Source
https://cve.org/CVERecord?id=CVE-2026-11618
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11618.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11618
Published
2026-06-09T02:15:13.106Z
Modified
2026-07-15T17:53:47.887570Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication
Details

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.

Database specific
{
    "cwe_ids": [
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11618.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/dtstack/taier

Affected ranges

Type
GIT
Repo
https://github.com/dtstack/taier
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "1.1"
        },
        {
            "last_affected": "1.1"
        },
        {
            "introduced": "1.2"
        },
        {
            "last_affected": "1.2"
        },
        {
            "introduced": "1.3"
        },
        {
            "last_affected": "1.3"
        },
        {
            "introduced": "1.4.0"
        },
        {
            "last_affected": "1.4.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.0
1.1
1.2
1.3
1.4.0

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "216610787656649735812575564206235447009",
            "length": 376.0
        },
        "deprecated": false,
        "id": "CVE-2026-11618-317e8c85",
        "target": {
            "function": "getSimpleConn",
            "file": "taier-datasource/taier-datasource-plugin/taier-datasource-plugin-rdbms/src/main/java/com/dtstack/taier/datasource/plugin/rdbms/ConnFactory.java"
        }
    },
    {
        "source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "217565659534013163217235488359484574131",
                "90032227541249874097250448197608457120",
                "17742751689581196111368652307854137935",
                "238457280924960987720760515271952143932",
                "130579470980953382229518113004894127510",
                "270782715566663161620672006287738864905",
                "80221542755089269778823011513406345502",
                "90687015600841101831193665774206598398",
                "28955645325778020909425284505163252397",
                "9760882937398396980623562879401006423",
                "318348403742739236057484891119753776104",
                "176862060528442465952904442529225790614",
                "38833321757082946909569389623416896276",
                "19971102003506413708532086725979924009",
                "19020627344290470194628212585798916269",
                "102715412356406950219770955940244365114"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2026-11618-37e954bb",
        "target": {
            "file": "taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java"
        }
    },
    {
        "source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "22349399747430248950563837306355553654",
            "length": 475.0
        },
        "deprecated": false,
        "id": "CVE-2026-11618-c811e3af",
        "target": {
            "function": "preHandle",
            "file": "taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java"
        }
    },
    {
        "source": "https://github.com/dtstack/taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "119492301685871779104214419493479752856",
                "143986548700767443570233900792655139999",
                "284304028836780952082757080794125861375",
                "302845874456682744142430469973298810000",
                "44413585847997792731187077695239914545",
                "27913617335245171255065641103686248824",
                "285043010696114828561846531448801255706",
                "222343246516797814007113144816611201755",
                "282163499599853895682992609186266274560",
                "303768928733323281722301500867259935647",
                "104679766822746298263827271360814301947",
                "108480695054674874360506787092701117619",
                "250977657052545850207435213878369014055"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2026-11618-cd69103f",
        "target": {
            "file": "taier-datasource/taier-datasource-plugin/taier-datasource-plugin-rdbms/src/main/java/com/dtstack/taier/datasource/plugin/rdbms/ConnFactory.java"
        }
    }
]
vanir_signatures_modified
"2026-07-15T17:53:47Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11618.json"