Medium severity4.3NVD Advisory· Published May 27, 2026· Updated May 27, 2026
CVE-2026-2255
CVE-2026-2255
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
Affected products
1- Range: <10.2.0.6 and <11.0.0.0 (including 9.3.x and 8.3.x)
Patches
Vulnerability mechanics
References
1News mentions
1- Hitachi Discloses Six CVEs Across Pentaho, RTU500, Ops Center, and HiDraw ProductsVypr Intelligence · May 27, 2026