CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.4%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/cube-js/cube/security/advisories/GHSA-9vph-2hvm-x66g

Products affected by CVE-2026-25957

Cube » Cube.js » Version: 1.1.17

cpe:2.3:a:cube:cube.js:1.1.17
Cube » Cube.js » Version: 1.1.18

cpe:2.3:a:cube:cube.js:1.1.18
Cube » Cube.js » Version: 1.2.0

cpe:2.3:a:cube:cube.js:1.2.0
Cube » Cube.js » Version: 1.2.1

cpe:2.3:a:cube:cube.js:1.2.1
Cube » Cube.js » Version: 1.2.10

cpe:2.3:a:cube:cube.js:1.2.10
Cube » Cube.js » Version: 1.2.11

cpe:2.3:a:cube:cube.js:1.2.11
Cube » Cube.js » Version: 1.2.12

cpe:2.3:a:cube:cube.js:1.2.12
Cube » Cube.js » Version: 1.2.13

cpe:2.3:a:cube:cube.js:1.2.13
Cube » Cube.js » Version: 1.2.14

cpe:2.3:a:cube:cube.js:1.2.14
Cube » Cube.js » Version: 1.2.15

cpe:2.3:a:cube:cube.js:1.2.15
Cube » Cube.js » Version: 1.2.16

cpe:2.3:a:cube:cube.js:1.2.16
Cube » Cube.js » Version: 1.2.17

cpe:2.3:a:cube:cube.js:1.2.17
Cube » Cube.js » Version: 1.2.18

cpe:2.3:a:cube:cube.js:1.2.18
Cube » Cube.js » Version: 1.2.19

cpe:2.3:a:cube:cube.js:1.2.19
Cube » Cube.js » Version: 1.2.2

cpe:2.3:a:cube:cube.js:1.2.2
Cube » Cube.js » Version: 1.2.20

cpe:2.3:a:cube:cube.js:1.2.20
Cube » Cube.js » Version: 1.2.21

cpe:2.3:a:cube:cube.js:1.2.21
Cube » Cube.js » Version: 1.2.22

cpe:2.3:a:cube:cube.js:1.2.22
Cube » Cube.js » Version: 1.2.23

cpe:2.3:a:cube:cube.js:1.2.23
Cube » Cube.js » Version: 1.2.24

cpe:2.3:a:cube:cube.js:1.2.24
Cube » Cube.js » Version: 1.2.25

cpe:2.3:a:cube:cube.js:1.2.25
Cube » Cube.js » Version: 1.2.26

cpe:2.3:a:cube:cube.js:1.2.26
Cube » Cube.js » Version: 1.2.27

cpe:2.3:a:cube:cube.js:1.2.27
Cube » Cube.js » Version: 1.2.28

cpe:2.3:a:cube:cube.js:1.2.28
Cube » Cube.js » Version: 1.2.29

cpe:2.3:a:cube:cube.js:1.2.29
Cube » Cube.js » Version: 1.2.3

cpe:2.3:a:cube:cube.js:1.2.3
Cube » Cube.js » Version: 1.2.30

cpe:2.3:a:cube:cube.js:1.2.30
Cube » Cube.js » Version: 1.2.31

cpe:2.3:a:cube:cube.js:1.2.31
Cube » Cube.js » Version: 1.2.32

cpe:2.3:a:cube:cube.js:1.2.32
Cube » Cube.js » Version: 1.2.33

cpe:2.3:a:cube:cube.js:1.2.33
Cube » Cube.js » Version: 1.2.34

cpe:2.3:a:cube:cube.js:1.2.34
Cube » Cube.js » Version: 1.2.4

cpe:2.3:a:cube:cube.js:1.2.4
Cube » Cube.js » Version: 1.2.5

cpe:2.3:a:cube:cube.js:1.2.5
Cube » Cube.js » Version: 1.2.6

cpe:2.3:a:cube:cube.js:1.2.6
Cube » Cube.js » Version: 1.2.7

cpe:2.3:a:cube:cube.js:1.2.7
Cube » Cube.js » Version: 1.2.8

cpe:2.3:a:cube:cube.js:1.2.8
Cube » Cube.js » Version: 1.2.9

cpe:2.3:a:cube:cube.js:1.2.9
Cube » Cube.js » Version: 1.3.0

cpe:2.3:a:cube:cube.js:1.3.0
Cube » Cube.js » Version: 1.3.1

cpe:2.3:a:cube:cube.js:1.3.1
Cube » Cube.js » Version: 1.3.10

cpe:2.3:a:cube:cube.js:1.3.10
Cube » Cube.js » Version: 1.3.11

cpe:2.3:a:cube:cube.js:1.3.11
Cube » Cube.js » Version: 1.3.12

cpe:2.3:a:cube:cube.js:1.3.12
Cube » Cube.js » Version: 1.3.13

cpe:2.3:a:cube:cube.js:1.3.13
Cube » Cube.js » Version: 1.3.14

cpe:2.3:a:cube:cube.js:1.3.14
Cube » Cube.js » Version: 1.3.15

cpe:2.3:a:cube:cube.js:1.3.15
Cube » Cube.js » Version: 1.3.16

cpe:2.3:a:cube:cube.js:1.3.16
Cube » Cube.js » Version: 1.3.17

cpe:2.3:a:cube:cube.js:1.3.17
Cube » Cube.js » Version: 1.3.18

cpe:2.3:a:cube:cube.js:1.3.18
Cube » Cube.js » Version: 1.3.19

cpe:2.3:a:cube:cube.js:1.3.19
Cube » Cube.js » Version: 1.3.2

cpe:2.3:a:cube:cube.js:1.3.2
Cube » Cube.js » Version: 1.3.20

cpe:2.3:a:cube:cube.js:1.3.20
Cube » Cube.js » Version: 1.3.21

cpe:2.3:a:cube:cube.js:1.3.21
Cube » Cube.js » Version: 1.3.22

cpe:2.3:a:cube:cube.js:1.3.22
Cube » Cube.js » Version: 1.3.23

cpe:2.3:a:cube:cube.js:1.3.23
Cube » Cube.js » Version: 1.3.24

cpe:2.3:a:cube:cube.js:1.3.24
Cube » Cube.js » Version: 1.3.25

cpe:2.3:a:cube:cube.js:1.3.25
Cube » Cube.js » Version: 1.3.26

cpe:2.3:a:cube:cube.js:1.3.26
Cube » Cube.js » Version: 1.3.27

cpe:2.3:a:cube:cube.js:1.3.27
Cube » Cube.js » Version: 1.3.28

cpe:2.3:a:cube:cube.js:1.3.28
Cube » Cube.js » Version: 1.3.29

cpe:2.3:a:cube:cube.js:1.3.29
Cube » Cube.js » Version: 1.3.3

cpe:2.3:a:cube:cube.js:1.3.3
Cube » Cube.js » Version: 1.3.30

cpe:2.3:a:cube:cube.js:1.3.30
Cube » Cube.js » Version: 1.3.31

cpe:2.3:a:cube:cube.js:1.3.31
Cube » Cube.js » Version: 1.3.32

cpe:2.3:a:cube:cube.js:1.3.32
Cube » Cube.js » Version: 1.3.33

cpe:2.3:a:cube:cube.js:1.3.33
Cube » Cube.js » Version: 1.3.34

cpe:2.3:a:cube:cube.js:1.3.34
Cube » Cube.js » Version: 1.3.35

cpe:2.3:a:cube:cube.js:1.3.35
Cube » Cube.js » Version: 1.3.36

cpe:2.3:a:cube:cube.js:1.3.36
Cube » Cube.js » Version: 1.3.37

cpe:2.3:a:cube:cube.js:1.3.37
Cube » Cube.js » Version: 1.3.38

cpe:2.3:a:cube:cube.js:1.3.38
Cube » Cube.js » Version: 1.3.39

cpe:2.3:a:cube:cube.js:1.3.39
Cube » Cube.js » Version: 1.3.4

cpe:2.3:a:cube:cube.js:1.3.4
Cube » Cube.js » Version: 1.3.40

cpe:2.3:a:cube:cube.js:1.3.40
Cube » Cube.js » Version: 1.3.41

cpe:2.3:a:cube:cube.js:1.3.41
Cube » Cube.js » Version: 1.3.42

cpe:2.3:a:cube:cube.js:1.3.42
Cube » Cube.js » Version: 1.3.43

cpe:2.3:a:cube:cube.js:1.3.43
Cube » Cube.js » Version: 1.3.44

cpe:2.3:a:cube:cube.js:1.3.44
Cube » Cube.js » Version: 1.3.45

cpe:2.3:a:cube:cube.js:1.3.45
Cube » Cube.js » Version: 1.3.46

cpe:2.3:a:cube:cube.js:1.3.46
Cube » Cube.js » Version: 1.3.47

cpe:2.3:a:cube:cube.js:1.3.47
Cube » Cube.js » Version: 1.3.48

cpe:2.3:a:cube:cube.js:1.3.48
Cube » Cube.js » Version: 1.3.49

cpe:2.3:a:cube:cube.js:1.3.49
Cube » Cube.js » Version: 1.3.5

cpe:2.3:a:cube:cube.js:1.3.5
Cube » Cube.js » Version: 1.3.50

cpe:2.3:a:cube:cube.js:1.3.50
Cube » Cube.js » Version: 1.3.51

cpe:2.3:a:cube:cube.js:1.3.51
Cube » Cube.js » Version: 1.3.52

cpe:2.3:a:cube:cube.js:1.3.52
Cube » Cube.js » Version: 1.3.53

cpe:2.3:a:cube:cube.js:1.3.53
Cube » Cube.js » Version: 1.3.54

cpe:2.3:a:cube:cube.js:1.3.54
Cube » Cube.js » Version: 1.3.55

cpe:2.3:a:cube:cube.js:1.3.55
Cube » Cube.js » Version: 1.3.56

cpe:2.3:a:cube:cube.js:1.3.56
Cube » Cube.js » Version: 1.3.57

cpe:2.3:a:cube:cube.js:1.3.57
Cube » Cube.js » Version: 1.3.58

cpe:2.3:a:cube:cube.js:1.3.58
Cube » Cube.js » Version: 1.3.59

cpe:2.3:a:cube:cube.js:1.3.59
Cube » Cube.js » Version: 1.3.6

cpe:2.3:a:cube:cube.js:1.3.6
Cube » Cube.js » Version: 1.3.60

cpe:2.3:a:cube:cube.js:1.3.60
Cube » Cube.js » Version: 1.3.61

cpe:2.3:a:cube:cube.js:1.3.61
Cube » Cube.js » Version: 1.3.62

cpe:2.3:a:cube:cube.js:1.3.62
Cube » Cube.js » Version: 1.3.63

cpe:2.3:a:cube:cube.js:1.3.63
Cube » Cube.js » Version: 1.3.64

cpe:2.3:a:cube:cube.js:1.3.64
Cube » Cube.js » Version: 1.3.65

cpe:2.3:a:cube:cube.js:1.3.65
Cube » Cube.js » Version: 1.3.66

cpe:2.3:a:cube:cube.js:1.3.66
Cube » Cube.js » Version: 1.3.67

cpe:2.3:a:cube:cube.js:1.3.67
Cube » Cube.js » Version: 1.3.68

cpe:2.3:a:cube:cube.js:1.3.68
Cube » Cube.js » Version: 1.3.69

cpe:2.3:a:cube:cube.js:1.3.69
Cube » Cube.js » Version: 1.3.7

cpe:2.3:a:cube:cube.js:1.3.7
Cube » Cube.js » Version: 1.3.70

cpe:2.3:a:cube:cube.js:1.3.70
Cube » Cube.js » Version: 1.3.71

cpe:2.3:a:cube:cube.js:1.3.71
Cube » Cube.js » Version: 1.3.72

cpe:2.3:a:cube:cube.js:1.3.72
Cube » Cube.js » Version: 1.3.73

cpe:2.3:a:cube:cube.js:1.3.73
Cube » Cube.js » Version: 1.3.74

cpe:2.3:a:cube:cube.js:1.3.74
Cube » Cube.js » Version: 1.3.75

cpe:2.3:a:cube:cube.js:1.3.75
Cube » Cube.js » Version: 1.3.76

cpe:2.3:a:cube:cube.js:1.3.76
Cube » Cube.js » Version: 1.3.77

cpe:2.3:a:cube:cube.js:1.3.77
Cube » Cube.js » Version: 1.3.78

cpe:2.3:a:cube:cube.js:1.3.78
Cube » Cube.js » Version: 1.3.79

cpe:2.3:a:cube:cube.js:1.3.79
Cube » Cube.js » Version: 1.3.8

cpe:2.3:a:cube:cube.js:1.3.8
Cube » Cube.js » Version: 1.3.80

cpe:2.3:a:cube:cube.js:1.3.80
Cube » Cube.js » Version: 1.3.81

cpe:2.3:a:cube:cube.js:1.3.81
Cube » Cube.js » Version: 1.3.82

cpe:2.3:a:cube:cube.js:1.3.82
Cube » Cube.js » Version: 1.3.83

cpe:2.3:a:cube:cube.js:1.3.83
Cube » Cube.js » Version: 1.3.84

cpe:2.3:a:cube:cube.js:1.3.84
Cube » Cube.js » Version: 1.3.85

cpe:2.3:a:cube:cube.js:1.3.85
Cube » Cube.js » Version: 1.3.86

cpe:2.3:a:cube:cube.js:1.3.86
Cube » Cube.js » Version: 1.3.9

cpe:2.3:a:cube:cube.js:1.3.9
Cube » Cube.js » Version: 1.4.0

cpe:2.3:a:cube:cube.js:1.4.0
Cube » Cube.js » Version: 1.4.1

cpe:2.3:a:cube:cube.js:1.4.1
Cube » Cube.js » Version: 1.5.0

cpe:2.3:a:cube:cube.js:1.5.0
Cube » Cube.js » Version: 1.5.1

cpe:2.3:a:cube:cube.js:1.5.1
Cube » Cube.js » Version: 1.5.10

cpe:2.3:a:cube:cube.js:1.5.10
Cube » Cube.js » Version: 1.5.11

cpe:2.3:a:cube:cube.js:1.5.11
Cube » Cube.js » Version: 1.5.12

cpe:2.3:a:cube:cube.js:1.5.12
Cube » Cube.js » Version: 1.5.2

cpe:2.3:a:cube:cube.js:1.5.2
Cube » Cube.js » Version: 1.5.3

cpe:2.3:a:cube:cube.js:1.5.3
Cube » Cube.js » Version: 1.5.4

cpe:2.3:a:cube:cube.js:1.5.4
Cube » Cube.js » Version: 1.5.5

cpe:2.3:a:cube:cube.js:1.5.5
Cube » Cube.js » Version: 1.5.6

cpe:2.3:a:cube:cube.js:1.5.6
Cube » Cube.js » Version: 1.5.7

cpe:2.3:a:cube:cube.js:1.5.7
Cube » Cube.js » Version: 1.5.8

cpe:2.3:a:cube:cube.js:1.5.8
Cube » Cube.js » Version: 1.5.9

cpe:2.3:a:cube:cube.js:1.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25957

Products

Pricing

Contact Us