Vulnerability Database

299,690

Total vulnerabilities in the database

CVE-2025-26497

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Published: Aug 22, 2025
Updated: Nov 7, 2025
CVE: CVE-2025-26497
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
tableau / tableau_server	-	2023.3.19
tableau / tableau_server	2024.2	2024.2.12
tableau / tableau_server	2025.1	2025.1.3

https://help.salesforce.com/s/articleView?id=005132575&type=1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo