🔐 CVE Alert

CVE-2026-8590

UNKNOWN 0.0

Spotfire OAuth2 PKCE Bypass for public clients

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Server modules). This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire Enterprise with External Consumers: through 14.0.12, through 14.5.0, through 14.6.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire on Kubernetes: through 4.2.0, 5.0.X, 6.0.X.

Vendor spotfire
Product spotfire enterprise
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for spotfire spotfire enterprise

Be the first to know when new unknown vulnerabilities affecting spotfire spotfire enterprise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Spotfire / Spotfire Enterprise
0 ≤ 14.0.12 0 ≤ 14.4.2 0 ≤ 14.5.0 0 ≤ 14.6.1 0 ≤ 14.6.2 0 ≤ 14.7.0 0 ≤ 14.8.0
Spotfire / Spotfire Enterprise with External Consumers
0 ≤ 14.0.12 0 ≤ 14.5.0 0 ≤ 14.6.0 0 ≤ 14.6.1 0 ≤ 14.6.2 0 ≤ 14.7.0 0 ≤ 14.8.0
Spotfire / Spotfire on Kubernetes
0 ≤ 4.2.0 5.0.x 6.0.x

References

NVD ↗ CVE.org ↗ EPSS Data ↗
community.spotfire.com: https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-july-14-2026-spotfire-cve-2026-8590-r3641/