← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-41266 — Actively Exploited: Sense (Qlik)

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

CVE IDCVE-2023-41266
VendorQlik
ProductSense
Vulnerability nameQlik Sense Path Traversal Vulnerability
Date added2023-12-07
Remediation due2023-12-28
Known ransomware useKnown
Required actionApply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
DescriptionQlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →