Primary

Context

Cube Privilege Escalation Vulnerability

Vulnerability

Patched

A privilege escalation vulnerability has been identified in Cube versions 0.27.19 prior to 1.5.13, as well as in versions 1.4.2 and 1.0.14. The issue arises from the ability to send a specially crafted request with a valid API token, leading to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation.

Remediation

Users can upgrade to Cube version 1.5.13 or later, version 1.4.2 (active LTS release), or version 1.0.14 (end-of-life LTS release) to address this vulnerability.

Added: Feb 10, 2026, 12:09 AM

Updated: Feb 10, 2026, 12:09 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

5.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cube Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cube

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating