Cyber Posture

CVE-2026-6264

Severity: Critical
Published: 14 April 2026
Modified: 17 April 2026
KEV Added: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (22.7th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6264 is a critical-severity vulnerability in Qlik Talend JobServer and Talend Runtime (vendor inferred from references; no CWE has been assigned). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-41 (Port and I/O Device Access). Note that SC-41 as catalogued addresses physical device ports; the network-level restriction of the JMX monitoring port described below is also covered by SC-7 (Boundary Protection). SI-2 (Flaw Remediation) remains necessary in every case, because the TLS client-authentication workaround reduces exposure but does not replace the vendor patch.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent)
Timely flaw remediation requires applying the vendor patch, which is the only change that fully closes the unauthenticated RCE on the Talend JMX monitoring port; the TLS client-authentication workaround lowers exposure but does not replace it.

CM-7 Least Functionality (prevent)
Least functionality prohibits or restricts unnecessary listeners such as the JobServer JMX monitoring port. For Talend ESB Runtime the port is disabled by default from the R2024-07-RT patch onward; older installations should be checked and the port disabled explicitly.

SC-41 Port and I/O Device Access (prevent)
Restricting access to the JMX monitoring port by port, protocol, service and source address blocks network-based unauthenticated exploitation. (SC-41 as catalogued concerns physical device ports; the network filtering described here maps more naturally to SC-7 Boundary Protection.)

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why this technique?

CVE-2026-6264 enables unauthenticated remote code execution via an exposed JMX monitoring port on a network-accessible service, which maps directly to T1190 (Exploit Public-Facing Application). The CVSS vector (AV:N, PR:N) supports this mapping; the practical exposure of a given deployment depends on whether the monitoring port, a management interface rather than a user-facing service, is reachable from outside the management network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.

Deeper analysis [AI]

CVE-2026-6264 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) in the Talend JobServer and Talend Runtime that enables unauthenticated remote code execution via the JMX monitoring port. Published on 2026-04-14, the flaw affects the JMX monitoring port of the Talend JobServer specifically, allowing attackers to execute arbitrary code on affected systems.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially leading to full system compromise.

The official advisory recommends mitigation for Talend JobServer by requiring TLS client authentication on the monitoring port, though a patch is required for complete protection. For Talend ESB Runtime, disabling the JobServer JMX monitoring port mitigates the issue, and it is disabled by default starting from the R2024-07-RT patch. Details are available at https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fix-for-the-Qlik-Talend-JobServer-and-Talend/tac-p/2541974.
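The three mitigations named above (patch, TLS client authentication on the JobServer monitoring port, port disabled on ESB Runtime) leave a defender with one practical question per host: which of them is actually in effect? The following probe is an added example written for this page; it is not Qlik or Talend code and does not speak JMX or RMI. It connects to a host and port, attempts a TLS handshake that deliberately carries no client certificate, and classifies the result as unreachable (disabled or filtered), client certificate required, TLS accepted without a client certificate, or plaintext listener. The host and port are command-line arguments; this page does not state the JobServer monitoring port number, so take it from your JobServer configuration. The OpenSSL reason strings it matches are standard alert names, but HANDSHAKE_FAILURE is ambiguous (it is also raised on cipher mismatch), so that verdict is a hint to confirm with a valid client certificate rather than proof.

```python
# Added example (not Qlik/Talend code): classify the transport policy of a
# Talend JobServer JMX monitoring port from the network. Host and port are
# caller-supplied; no Talend-specific port number is assumed here.
import socket
import ssl
from enum import Enum


class Exposure(Enum):
    CLOSED = "port unreachable: disabled, filtered or refused (CM-7 / network filtering in effect)"
    CLIENT_AUTH_REQUIRED = "TLS session refused without a client certificate (workaround in place; still patch)"
    TLS_NO_CLIENT_AUTH = "TLS session accepted without a client certificate (exposed)"
    PLAINTEXT = "listener answered with a non-TLS protocol (exposed)"
    REACHABLE_UNCLASSIFIED = "port reachable but transport policy not classified (investigate manually)"


# OpenSSL reason codes (ssl.SSLError.reason) seen when a server rejects a
# handshake that carries no client certificate. HANDSHAKE_FAILURE is ambiguous
# (also raised on cipher-suite mismatch), so treat it as a hint, not proof.
_CLIENT_AUTH_MARKERS = (
    "CERTIFICATE_REQUIRED",              # TLS 1.3 alert certificate_required
    "PEER_DID_NOT_RETURN_A_CERTIFICATE",
    "HANDSHAKE_FAILURE",                 # typical TLS 1.2 response to a missing client cert
)
# Reason codes OpenSSL raises on the client when the peer is not speaking TLS.
_PLAINTEXT_MARKERS = ("WRONG_VERSION_NUMBER", "UNKNOWN_PROTOCOL")


def classify_tls_error(reason):
    """Map an OpenSSL error reason string (may be None) to an Exposure class."""
    r = (reason or "").upper()
    if any(m in r for m in _CLIENT_AUTH_MARKERS):
        return Exposure.CLIENT_AUTH_REQUIRED
    if any(m in r for m in _PLAINTEXT_MARKERS):
        return Exposure.PLAINTEXT
    return Exposure.REACHABLE_UNCLASSIFIED


def probe(host, port, timeout=5.0):
    """Connect to host:port, attempt a certificate-less TLS handshake, classify the outcome."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we are testing the server's policy on us, not its certificate
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # ECONNREFUSED, timeout, EHOSTUNREACH, socket disallowed, ...
        return Exposure.CLOSED
    try:
        # wrap_socket() runs the handshake immediately on a connected socket;
        # a TLS 1.2 server that demands a client cert fails here with an alert.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.settimeout(timeout)
            # TLS 1.3 servers reject a missing client certificate only after the
            # client side of the handshake has returned; read once to surface it.
            try:
                data = tls.recv(1)
            except socket.timeout:
                # Server is idling on an established, unauthenticated session.
                return Exposure.TLS_NO_CLIENT_AUTH
            if data == b"":
                # Clean close without an alert: cannot distinguish policy from rejection.
                return Exposure.REACHABLE_UNCLASSIFIED
            return Exposure.TLS_NO_CLIENT_AUTH
    except ssl.SSLError as exc:  # must precede OSError: SSLError subclasses it
        return classify_tls_error(exc.reason)
    except OSError:
        # Reset or silent close mid-handshake (e.g. a JRMP listener dropping a
        # TLS ClientHello): the port is reachable, the policy is unknown.
        return Exposure.REACHABLE_UNCLASSIFIED


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: probe_jmx_tls.py <host> <monitoring-port>")
    host, port = sys.argv[1], int(sys.argv[2])
    result = probe(host, port)
    print(f"{host}:{port} -> {result.name}: {result.value}")
```

Run it from a network position equivalent to an untrusted client, not from the JobServer host itself, since the question is what a remote attacker sees. CLOSED and CLIENT_AUTH_REQUIRED are the two acceptable answers before the patch is applied; any other verdict means the mitigation on that host is not what the advisory describes.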

Details

CWE(s): None listed

Affected Products: Qlik Talend JobServer and Talend Runtime (inferred from references and description; NVD did not file a CPE for this CVE)