Qlik Talend Administration Center - Security Patch... - Qlik Community

Sonja_Bauernfeind

The following two Qlik Talend Administration Center security issues have been identified and subsequently resolved. Patches are already available.

URL access control vulnerability (CVE-2026-pending)

A broken access control issue has been identified in Qlik Talend Administration Center, which allows a user with View permission to modify the Qlik Talend Studio update URL.

Affected Software

All versions of Qlik Talend Administration Center before Patch_20251121_QTAC-1471_R2025-11_v1-8.0.1.

See Security fix for Qlik Talend Administration Center URL access control vulnerability (CVE-2026-pendin... for details.

Cross-site scripting vulnerability (CVE-2026-pending)

A stored cross-site scripting security issue in the Qlik Talend Administration Center has been identified.

Affected Software

All versions of Qlik Talend Administration Center before Patch_20260123_QTAC-1883 (cumulative patch)_R2026-01_v1-8.0.1 are affected.

See Security fix for Qlik Talend Administration Center cross-site scripting vulnerability (CVE-2026-pend... for details.

Recommendation

Upgrade at the earliest. The following table lists the patch versions addressing the vulnerabilities.

Always update to the latest version. Before you upgrade, check if a more recent release is available.

Product	Patch	Release Date
Qlik Talend Administration Center URL access control vulnerability	QTAC-1471	November 21, 2025
Qlik Talend Administration Center cross-site scripting vulnerability	QTAC-1883	January 23, 2026

Thank you for choosing Qlik,
Qlik Support

Qlik Talend Administration Center - Security Patches Available

URL access control vulnerability (CVE-2026-pending)

Cross-site scripting vulnerability (CVE-2026-pending)

Recommendation