Alteryx Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Alteryx Server.
By the Year
In 2026 there have been 0 vulnerabilities in Alteryx Server. Last year, in 2025 Alteryx Server had 5 security vulnerabilities published. Right now, Alteryx Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 6.35 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 4.80 |
It may take a day or so for new Alteryx Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Alteryx Server Security Vulnerabilities
Alteryx Server Improper Auth /gallery/api/status/ Fixed in 2025.1.1.1.31
CVE-2025-15097
7.3 - High
- December 26, 2025
A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.
authentification
Alteryx Server 2022.1.1.42654-2024.1: API MongoDB ID Auth Flaw
CVE-2025-63291
5.4 - Medium
- November 14, 2025
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particlar MongoDB object IDs, callers could obtain records for other users without proper authorization. Records retrievable using this attack included administrative API keys and private studio api keys.
Incorrect Use of Privileged APIs
XSS in Alteryx Server 2023.1.1.460 via Notification Body
CVE-2025-28245
- July 10, 2025
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.
Alteryx Server 2023.1.1.460 LocalStorage Insecure Perms: Remote Token Theft
CVE-2025-28244
- July 10, 2025
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
Alteryx Server v2023.1.1.460: HTML injection via pages component
CVE-2025-28243
- July 10, 2025
An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.
Alteryx Server 2022.1.1.42590: No type check in /gallery/api/media allows XSS
CVE-2023-26961
4.8 - Medium
- August 08, 2023
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Alteryx Server or by Alteryx? Click the Watch button to subscribe.
