Threat Advisory

Critical Talend Vulnerabilities Enable Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Vulnerabilities have been identified in Talend JobServer and Talend Runtime. The affected products and versions include all versions before TPS-6017 (8.0) or TPS-6018 (7.3) of Talend JobServer and all versions before 8.0.1.R2026-01-RT or 7.3.1-R2026-01 of Talend Runtime. These vulnerabilities are primarily of a Remote Code Execution (RCE) nature, allowing an attacker to execute arbitrary commands, manipulate data, and perform lateral movement. The business risk and impact of these vulnerabilities are severe, as a successful breach could result in the complete compromise of the server's integrity, allowing an attacker to seize total control of affected servers. This could lead to significant data breaches, system crashes, and reputational damage.


CVE-2026-6264 with a CVSS score of 9.8 – This vulnerability allows an attacker to gain full remote code execution on the Talend JobServer and Talend Runtime servers by exploiting the JMX monitoring port, which can be reached remotely and lacks sufficient authentication in many default configurations.

The overall risk and urgency of this situation are extremely high, as the flaws were discovered and could be exploited by attackers. The business consequences of a successful exploitation are severe, including data breaches, system crashes, and reputational damage. Organizations relying on Talend JobServer and Talend Runtime for their data orchestration and runtime environments should take immediate action to address these vulnerabilities and prevent potential breaches.
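A defender-side check for the exposure described above, as an added example that is not part of the original advisory or Talend's own tooling: it parses JVM command lines for the standard JDK `com.sun.management.jmxremote.*` system properties and flags a remote JMX connector with authentication or TLS switched off. It assumes JMX is configured through these JVM flags; the command lines and jar names are constructed samples, and Talend-specific configuration files are not covered.

```python
import shlex

PREFIX = "-Dcom.sun.management.jmxremote"

# Constructed sample command lines (not taken from any real host).
SAMPLE_CMDLINES = [
    "java -Xmx1g -Dcom.sun.management.jmxremote.port=9999 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false -jar app-a.jar",
    "java -Dcom.sun.management.jmxremote.port=9010 -jar app-b.jar",
    "java -Xmx512m -jar app-c.jar",
]


def jmx_settings(cmdline):
    """Collect the JDK JMX system properties set on one JVM command line."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith(PREFIX):
            key, _, value = tok[len(PREFIX):].partition("=")
            props[key.lstrip(".")] = value.strip().lower()
    return props


def audit(cmdline):
    """Return findings for one JVM command line (empty list: nothing flagged)."""
    p = jmx_settings(cmdline)
    if "port" not in p:
        return []  # no remote JMX connector requested through these flags
    findings = [f"remote JMX connector on port {p['port']}"]
    # The JDK defaults both settings to "true" once a port is set, so only an
    # explicit "false" turns them off.
    if p.get("authenticate", "true") == "false":
        findings.append("authentication disabled")
    if p.get("ssl", "true") == "false":
        findings.append("TLS disabled")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        result = audit(line)
        print(("REVIEW: " + "; ".join(result)) if result else "ok", "|", line[:60])
```

On a live host the input can come from a process listing such as `ps -eo args`.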

RECOMMENDATION:

We recommend updating Talend JobServer to version TPS-6017 (8.0) or TPS-6018 (7.3), and Talend Runtime to version 8.0.1.R2026-01-RT or 7.3.1-R2026-01.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/talend-jobserver-rce-vulnerability-cve-2026-6264/
