Palantir Dossier and Slides Apps Security Marking Vulnerability

Vulnerability

A vulnerability exists in the Palantir Dossier and Slides applications in versions between 100.30250502.0 and 100.30251002.0, exclusive of both endpoints. Uploaded file artifacts do not inherit the correct security markings from their parent artifacts, which can lead to unintended access to the files. The problem was introduced by a change in May 2025 that switched the default security level for uploads from being synchronized with the parent artifact to a 'custom' setting. In deployments without Classification Backed Access Controls (CBAC), this change resulted in uploads being marked with a 'CUSTOM' level with no markings or dataset selections applied. Consequently, such uploads would only reflect the 'Default authorization rules', which typically include the 'Everyone' group.

Impact

The vulnerability can result in uploaded files being accessible to all users, due to insufficient security markings.

Remediation

Palantir has released fixes for this vulnerability in version 3.25.10.2, which has been backported to major release channels. Affected versions on Palantir-managed environments have been recalled, and a support campaign is in place to track upgrades. For instances where uploaded file artifacts are not referenced by any parent artifact, manual remediation may be required.
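
As an added example (not Palantir code and not part of the original advisory), the following Python triages an inventory of uploaded file artifacts into those that can be re-synchronized with a parent and the orphans that need manual remediation. The record schema (Upload and its fields, the "CUSTOM"/"SYNCED" labels), the function names and the sample data are assumptions; only the version range comes from the advisory.

```python
from dataclasses import dataclass, field
from typing import Optional

# Affected range stated in the advisory; both endpoints are excluded.
LOW, HIGH = "100.30250502.0", "100.30251002.0"

def _key(version):
    return tuple(int(part) for part in version.split("."))

def version_affected(version):
    return _key(LOW) < _key(version) < _key(HIGH)

@dataclass
class Upload:  # hypothetical inventory record for one uploaded file artifact
    id: str
    level: str                                # assumed labels: "CUSTOM" or "SYNCED"
    markings: list = field(default_factory=list)
    parent_markings: Optional[list] = None    # None: no parent artifact references it

def triage(upload):
    """Classify one upload as 'ok', 'resync' (parent known) or 'manual' (orphan)."""
    if upload.level != "CUSTOM" or upload.markings:
        return "ok"          # synced, or custom with explicit markings
    if upload.parent_markings is None:
        return "manual"      # orphan: nothing to inherit from
    return "resync" if upload.parent_markings else "ok"

def audit(uploads, versions_run, cbac_enabled):
    """Return {upload id: action} for uploads needing attention."""
    # The advisory describes the exposure for deployments without CBAC that
    # ran a version inside the affected range.
    if cbac_enabled or not any(version_affected(v) for v in versions_run):
        return {}
    return {u.id: t for u in uploads if (t := triage(u)) != "ok"}

# Constructed sample data (marking names and versions run are made up).
SAMPLE = [
    Upload("u1", "SYNCED", ["marking-a"], ["marking-a"]),
    Upload("u2", "CUSTOM", [], ["marking-a"]),
    Upload("u3", "CUSTOM", [], None),
    Upload("u4", "CUSTOM", ["marking-b"], ["marking-a"]),
    Upload("u5", "CUSTOM", [], []),
]

if __name__ == "__main__":
    print(audit(SAMPLE, ["100.30250901.0"], cbac_enabled=False))
```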

Added: Jan 9, 2026, 10:18 PM
Updated: Jan 9, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.