CVE-2025-26494

Summary

CVE-2025-26494 is a serious vulnerability affecting Salesforce Tableau Server versions from 2023.3 to 2023.3.5. This issue involves a Server-Side Request Forgery (SSRF) that enables Authentication Bypass. An attacker exploiting this vulnerability could potentially gain unauthorized access to protected resources or data within the Tableau Server environment. The SSRF technique allows the attacker to send malicious requests to unintended internal servers or applications, bypassing authentication checks and gaining unauthorized access. This vulnerability poses a significant risk to organizations using the impacted versions of Tableau Server and requires immediate attention and patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.