Skip to main content
Qlik Data Gateway upgrade REQUIRED by September 15 READ MORE
Digital Support
Digital Support

Edited August 30th, 15:55 CET: Added clarification on older Qlik Sense Enterprise on Windows versions
Edited August 31st, 13:10 CET: Added clarification on possible workarounds (none exist) as well as information regarding what authentication methods (all) are affected and that HTTP and HTTPS are impacted

Hello Qlik Users,

Two security issues in Qlik Sense Enterprise for Windows have been identified and patches made available. Details can be found in Security Bulletin Critical Security fixes for Qlik Sense Enterprise for Windows (CVE-2023-41266, CVE-2023-41265).

Today, we have released five service releases across the latest versions of Qlik Sense to patch the reported issues. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • May 2023 Patch 3
  • February 2023 Patch 7
  • November 2022 Patch 10
  • August 2022 Patch 12

All prior versions of Qlik Sense Enterprise on Windows are affected, including releases such as May 2022, February 2022, and earlier. While no patches are currently listed for these versions, Qlik is actively investigating the possibility of patching older releases. 

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. August 2023 IR released today already contains the fix

  • August 2023 Initial Release
  • May 2023 Patch 4
  • February 2023 Patch 8
  • November 2022 Patch 11
  • August 2022 Patch 13
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin Critical Security fixes for Qlik Sense Enterprise for Windows (CVE-2023-41266, CVE-2023-41265) are disclosed in accordance with our published Security and Vulnerability Policy.


Clarifications and Frequently Asked Questions:

What can be done to mitigate the issue?

No mitigation can be provided. An upgrade should be performed at the earliest. As per Qlik's best practices, the proxy should not be exposed to the public internet, which reduces the attack surface significantly.

What authentication methods are affected?

All authentication methods are affected.

Are environments with HTTP disabled impacted?

Environments will be affected regardless if HTTP or HTTPS are in use. These vulnerabilities affect the HTTP protocol overall, meaning even if HTTP is disabled, the environment remains vulnerable.

These attacks don’t rely on intercepting any communication, and therefore, are indifferent whether the HTTP communication is encrypted or not.

Kind regards, and thank you for choosing Qlik,

Qlik Global Support

Digital Support
Digital Support

Hello @AmanMashi37 

Help check the server logs in case the vulnerability is exploited by any intruder.

As for verifying pre and post patch, Qlik is aligned Praetorian. You can make use of their research, see Verifying Remediation Using Nuclei |

Critical vulnerability alert by Qlik : We do not receive any alert, please help enable the alert so that we receive proactive alerts.

For security-related incidents, Qlik follows a Responsible Disclosure approach for any vulnerability that rates as High or Critical by our Software Security Office. This approach includes publishing a Security Bulletin to alert our customers and partners through a blog post, collaborating with the reporter of the vulnerability if applicable, creating software fixes as soon as possible, and/or providing mitigation until fixed.

All the best,


Digital Support
Digital Support

 @starke_be-terna @sri_c003 @Yossi @paulselousyoriz @Tamal_B @EliGohar 

A new set of patches was released that addresses an additional vulnerability, and the previous ones are addressed here. The patches date back further to additional versions. See Qlik Sense Enterprise for Windows - New Security Patches Available Now.

(I am sorry I couldn't tag you, Or, but the tagging feature needs three letters and your name is not coming up in the recent selections.)

All the best,

Partner - Creator II
Partner - Creator II


Thank you for the Feb 2022 patch - February 2022 Patch 15