AVID-2026-R1218

Description

Vulnerability CVE-2023-26263

Details

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.

Reason for inclusion in AVID: CVE-2023-26263 describes an XML External Entity (XXE) vulnerability in Talend Data Catalog (pre-8.0-20230110). Talend Data Catalog is a data-management/tooling component commonly used in data pipelines for AI/ML workflows (data ingestion/feature pipelines), making it relevant to the software supply chain of general-purpose AI systems. The vulnerability is a security flaw (XXE) with potential impact, and the report provides CVE/NVD references as evidence.

References

• NVD entry
• https://talend.com
• https://www.talend.com/security/incident-response/#CVE-2023-26264

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2023-04-13
• Version: 0.3.3
• AVID Entry