CVE-2025-26496

CRITICAL

Tableau Server < 2023.3.19 - Type Confusion

Title source: rule

Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.

References (2)

[Vendor Advisory] https://help.salesforce.com/s/articleView?id=005132575&type=1

[Technical Description] https://www.cve.org/CVERecord?id=CVE-2022-1364

Scores

CVSS v3 9.3

EPSS 0.0004

EPSS Percentile 11.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-843

Status published

Products (1)

tableau/tableau_server < 2023.3.19

Published Aug 22, 2025

Tracked Since Feb 18, 2026