CVE-2026-11618: DTStack Taier Authentication Bypass in Source Connection Test
DTStack Taier, a data integration platform, contains an authentication bypass vulnerability in its login interceptor component that allows remote attackers to circumvent authentication controls without any credentials or user interaction. The vulnerability affects all versions up to 1.4.0 and has been publicly disclosed, increasing immediate exploitation risk.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.3 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Weaknesses (CWE)
- CWE-287
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
8 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability exists in the LoginInterceptor.java file's preHandle function, which handles authentication logic for the Source Connection Test Endpoint. The improper authentication implementation (CWE-287) allows attackers to manipulate the authentication flow, effectively bypassing login controls. The flaw permits unauthenticated remote access to functionality that should require valid credentials. A patch has been identified (commit f95389e7f74acec42bcee079a616aaa06f9551d2) to address the root cause.
Business impact
Unauthorized access to Taier's data connection testing capabilities could allow attackers to enumerate configured data sources, test connections to backend databases, or pivot into connected systems. This exposes sensitive infrastructure details and data store configurations. For organizations using Taier in production data pipelines, this represents a direct path for credential harvesting and lateral movement into data warehouses or analytics systems.
Affected systems
DTStack Taier versions up to and including 1.4.0 are affected. The vulnerability specifically impacts instances with the Source Connection Test Endpoint accessible over the network. Verify your deployed version against the official DTStack release notes and determine network exposure of affected endpoints.
Exploitability
This vulnerability is highly exploitable. It requires no authentication, no user interaction, and can be triggered over the network with minimal complexity. Public disclosure increases the likelihood of active exploitation. The CVSS 3.1 score of 7.3 (HIGH) reflects the combination of network accessibility and the compromise of authentication controls, though impact is somewhat limited to confidentiality and integrity rather than availability.
Remediation
Apply the patch identified in commit f95389e7f74acec42bcee079a616aaa06f9551d2 to affected Taier installations. Review DTStack's official security advisories and release notes to confirm the exact patched version number and deployment procedures. Verify with your DTStack vendor contact for the corresponding release version that incorporates this commit.
Patch guidance
Obtain the patched version from DTStack's official repository or distribution channel that includes commit f95389e7f74acec42bcee079a616aaa06f9551d2. Before applying: (1) back up your Taier configuration and metadata database, (2) test the patch in a non-production environment that mirrors your data source configurations, (3) verify that data connection tests function correctly post-patch, and (4) plan a maintenance window for production deployment. Follow DTStack's upgrade documentation for any configuration migration steps.
Detection guidance
Monitor for unauthorized or suspicious requests to Source Connection Test Endpoints, particularly those originating from untrusted networks or lacking valid session tokens. Review authentication logs for failed login attempts followed by successful API calls without re-authentication. Look for patterns of rapid connection testing or enumeration of data sources by unauthenticated users. Implement network-level access controls restricting the Taier endpoint to trusted internal networks pending patching.
Why prioritize this
This vulnerability warrants immediate attention due to the combination of network accessibility, lack of authentication requirements, public disclosure, and direct exposure of sensitive data source infrastructure. Although not yet on the CISA KEV catalog, the public availability of exploit details and the ease of weaponization make this a priority for patching ahead of routine schedules.
Risk score, explained
The CVSS 3.1 score of 7.3 reflects a HIGH-severity issue driven by network accessibility (AV:N), low attack complexity (AC:L), and no privilege or user interaction requirements (PR:N/UI:N). The impact spans confidentiality, integrity, and availability of the affected endpoint (C:L/I:L/A:L), though not the entire system. The absence of scope change (S:U) limits the score; a broader scope would increase severity further.
Frequently asked questions
Does this vulnerability allow direct access to my databases?
No. The vulnerability grants unauthorized access to Taier's connection testing endpoint, which allows an attacker to test whether preconfigured data sources are reachable and functional. This does not directly compromise the databases themselves, but it exposes their existence, configuration details, and connectivity status—enabling attackers to plan further attacks.
Is there a temporary mitigation if I cannot patch immediately?
Yes. Restrict network access to your Taier instance to trusted internal networks only, using firewall rules or VPC security groups. Disable or hide the Source Connection Test Endpoint if your deployment allows it. Monitor authentication logs closely for suspicious activity. These measures reduce exposure but do not eliminate the vulnerability; patching remains essential.
How do I verify which version of Taier I am running?
Check your Taier installation directory or startup logs for version information. Consult your application configuration files or the Taier web UI (if accessible) for version details. Compare against DTStack's official release timeline to determine if your version is at or below 1.4.0.
Will this patch affect my existing data source configurations?
The patch addresses the authentication bypass in the LoginInterceptor, not the data source configuration storage. Your existing connections and configurations should remain intact after patching. Always test in a staging environment first to confirm compatibility with your specific setup and DTStack extensions.
This analysis is based on publicly disclosed vulnerability information current as of the advisory publication date. Verify all technical details, patch version numbers, and affected product versions against DTStack's official security advisories and release notes. Test patches thoroughly in non-production environments before deployment. Organizations should consult their security team and vendor contacts for guidance specific to their infrastructure and deployment model. Source: NVD (public-domain), retrieved 2026-07-15. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-10157HIGHOpen5GS NGAP Authentication Bypass Vulnerability – 5G Core Network Risk
- CVE-2026-10167HIGHAuthentication Bypass in BrinaryBrains School Management System
- CVE-2026-10243HIGHSmart Parking System 1.0 Authentication Bypass – Remote Admin Access
- CVE-2026-10281HIGHEnderfga claw-orchestrator Authentication Bypass – Patch Available
- CVE-2026-10288HIGHHotel Reservation System Admin Authentication Bypass
- CVE-2026-10617HIGHGoClaw Webhook Authentication Bypass – Remote Exploitation
- CVE-2026-10619HIGHsayan365 Student-Management-System Remote Authentication Bypass
- CVE-2026-10777HIGHealpha072 Student-Management-System Authentication Bypass in Admin Backend