Talend JobServer and Talend Runtime: Unsecured Monitoring Port Allows Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Talend JobServer and Talend Runtime: Unsecured Monitoring Port Allows Remote Code Execution

CVE-2026-6264

Summary

A critical security weakness in Talend JobServer and Talend Runtime allows hackers to run malicious code on your system without a password. This happens when they access a special monitoring port on your system. To prevent this, update your software and set up password protection for the monitoring port.

Original title

Original description

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JMX monitoring port, which is disabled by default from the R2024-07-RT patch.

nvd CVSS3.1 9.8

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fix-fo...

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026