CVE-2025-26496

CRITICAL 9.3

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CWE	CWE-843
Vendor	salesforce
Product	tableau server, tableau desktop
Ecosystems	CRM Cloud
Industries	Enterprise
Published	Aug 22, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for salesforce tableau server, tableau desktop

Be the first to know when new critical vulnerabilities affecting salesforce tableau server, tableau desktop are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Salesforce / Tableau Server, Tableau Desktop

0 < 2025.1.3 0 < 2024.2.12 0 < 2023.3.19

References

NVD ↗ CVE.org ↗ EPSS Data ↗

help.salesforce.com: https://help.salesforce.com/s/articleView?id=005132575&type=1 cve.org: https://www.cve.org/CVERecord?id=CVE-2022-1364