cvedb.io
CVE-2026-2255
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-05-27T04:16:26.833 · Last modified 2026-06-18T17:06:09.273

Summary

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.

Affected products

hitachi — vantara_pentaho_data_integration_and_analytics

Does this affect you?

Add your gear to cvedb and we'll alert you only when hitachi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.