CVE-2026-8590
Spotfire OAuth2 PKCE Bypass for public clients
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Server modules). This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire Enterprise with External Consumers: through 14.0.12, through 14.5.0, through 14.6.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire on Kubernetes: through 4.2.0, 5.0.X, 6.0.X.
| Vendor | spotfire |
| Product | spotfire enterprise |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for spotfire spotfire enterprise
Be the first to know when new unknown vulnerabilities affecting spotfire spotfire enterprise are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Spotfire / Spotfire Enterprise
0 ≤ 14.0.12 0 ≤ 14.4.2 0 ≤ 14.5.0 0 ≤ 14.6.1 0 ≤ 14.6.2 0 ≤ 14.7.0 0 ≤ 14.8.0
Spotfire / Spotfire Enterprise with External Consumers
0 ≤ 14.0.12 0 ≤ 14.5.0 0 ≤ 14.6.0 0 ≤ 14.6.1 0 ≤ 14.6.2 0 ≤ 14.7.0 0 ≤ 14.8.0
Spotfire / Spotfire on Kubernetes
0 ≤ 4.2.0 5.0.x 6.0.x