PatchSiren

DTStack CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM DTStack CVE published 2026-06-09

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed an [truncated]

LOW DTStack CVE published 2026-05-25

CVE-2026-9437

A command injection vulnerability exists in DTStack Taier 1.4.0, specifically within the Runtime.exec function of the REST API component. The vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating the sqlText parameter. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and low impact across confidentiality, [truncated]