LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-6264

CVE-2026-6264 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 14, 2026

Talend JobServer & Runtime - Remote Code Execution

Published: April 14, 2026Updated: April 14, 2026Remote Exploitable

Overview

Talend JobServer and Talend Runtime contain a remote code execution caused by unauthenticated access via the JMX monitoring port, letting remote attackers execute arbitrary code, exploit requires access to the JMX monitoring port.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Apply the patch for Talend JobServer and disable the JMX monitoring port for Talend ESB Runtime or update to R2024-07-RT or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 14, 2026

šŸ”“ CVE-2026-6264 - Critical (9.8) A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-6264/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 14, 2026

šŸ”“ CRITICAL: CVE-2026-6264 affects Talend JobServer 8.0 & 7.3. Unauthenticated RCE via JMX port ā€” patch immediately or require TLS client auth for mitigation. Disable JMX in Runtime if possible. Details: https://radar.offseq.com/threat/cve-2026-6264-cwe-306-missing-authentication-for-c-26a424cb #OffSeq #Talend #Vuln #RCE #Infosec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 14, 2026

šŸ”“ CVE-2026-6264 - Critical (9.8) A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-6264/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 14, 2026

šŸ”“ CRITICAL: CVE-2026-6264 affects Talend JobServer 8.0 & 7.3. Unauthenticated RCE via JMX port ā€” patch immediately or require TLS client auth for mitigation. Disable JMX in Runtime if possible. Details: https://radar.offseq.com/threat/cve-2026-6264-cwe-306-missing-authentication-for-c-26a424cb #OffSeq #Talend #Vuln #RCE #Infosec

View original post

Related Resources

Details

CVE ID
CVE-2026-6264
Severity
Critical
CVSS Score
9.8
Type
undefined
Status
new
EPSS
0.0%
Social Posts
4

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days