Description
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
Published: 2026-06-09
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in DTStack Taier, located in the preHandle method of LoginInterceptor.java within the Source Connection Test Endpoint, allows an attacker to bypass authentication checks. By manipulating the request flow, an unauthorized user can authenticate as a legitimate user, gaining access to protected resources and operations that require valid credentials. The flaw is classified as CWE-287 (Improper Authentication).

Affected Systems

The affected product is DTStack's Taier component, in all releases up to version 1.4.0. The vulnerability applies to installations that include the Source Connection Test Endpoint and use the LoginInterceptor.java implementation from before the patch. No fixed release version is listed beyond the commit that fixes the issue, so any deployment of Taier 1.4.0 or earlier is potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting that exploitation is not currently observed at large scale. However, the exploit is publicly disclosed and the attack can be performed remotely, so any publicly accessible Taier deployment is exposed. An attacker who successfully exploits this flaw gains unauthorized access to sensitive data and actions, undermining the confidentiality, integrity, and availability of the system. The risk is moderate but non-negligible, warranting prompt remediation.

Generated by OpenCVE AI on June 9, 2026 at 04:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch commit f95389e7f74acec42bcee079a616aaa06f9551d2 to replace the vulnerable LoginInterceptor.java implementation.
  • Deploy the updated Taier code and restart the application to load the new authentication logic.
  • Re‑configure the Source Connection Test Endpoint so that only authenticated and authorized users can access it, and review role‑based access controls to prevent unintended exposure.
  • Monitor system logs for any unauthorized connection attempts to the endpoint and set alerts to detect future abuse.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Values Removed: (none listed)
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 03:15:00 +0000

Values Removed: (none listed)
Values Added:
  Description: A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
  Title: DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication
  First Time appeared: Dtstack; Dtstack taier
  Weaknesses: CWE-287
  CPEs: cpe:2.3:a:dtstack:taier:*:*:*:*:*:*:*:*
  Vendors & Products: Dtstack; Dtstack taier
  References:
  Metrics:
    cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
    cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-09T14:28:48.516Z

Reserved: 2026-06-08T20:08:48.179Z

Link: CVE-2026-11618

Vulnrichment

Updated: 2026-06-09T14:28:23.308Z

NVD

Status: Deferred

Published: 2026-06-09T03:16:25.673

Modified: 2026-06-09T16:16:38.750

Link: CVE-2026-11618

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T05:00:18Z