PatchSiren cyber security CVE debrief
CVE-2026-11618 DTStack CVE debrief
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
- Vendor
- DTStack
- Product
- Taier
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of DTStack Taier up to version 1.4.0
Technical summary
The vulnerability is located in the LoginInterceptor.java file, specifically in the preHandle function. This function is part of the Source Connection Test Endpoint component. An attacker can exploit this vulnerability remotely, potentially leading to improper authentication.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch f95389e7f74acec42bcee079a616aaa06f9551d2 to remediate this issue.
- Review and update DTStack Taier to a version beyond 1.4.0 if available.
Evidence notes
The CVE-2026-11618 vulnerability has been publicly disclosed and may be utilized by attackers. The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Official resources
CVE-2026-11618 was published on 2026-06-09T03:16:25.673Z and modified on 2026-06-09T16:16:38.750Z.