Medium severity6.3NVD Advisory· Published May 27, 2026· Updated May 27, 2026
CVE-2026-2254
CVE-2026-2254
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
Affected products
2- Range: <10.2.0.6 || <11.0.0.0
- Range: <10.2.0.6, <11.0.0.0
Patches
Vulnerability mechanics
References
1News mentions
1- Hitachi Discloses Six CVEs Across Pentaho, RTU500, Ops Center, and HiDraw ProductsVypr Intelligence · May 27, 2026