Alteryx Alteryx Server — known CVE vulnerabilities
Every CVE whose affected-product data names Alteryx Alteryx Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-28244 — CVSS 8.8 (high): Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session…
CVE-2025-28243 — CVSS 8.0 (high): An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.
CVE-2025-28245 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2025-63291 — CVSS 5.4 (medium): When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being…
CVE-2023-26961 — CVSS 4.8 (medium): Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload…